CVE-2006-7022 - Vulnerability Details - OpenCVE

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fx-app	Fx-app

Configuration 1 [-]

cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2251
http://www.securityfocus.com/archive/1/436691/30/4500/threaded
http://www.securityfocus.com/bid/18361
https://exchange.xforce.ibmcloud.com/vulnerabilities/27180

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-15T02:00:00

Updated: 2024-08-07T20:50:05.835Z

Reserved: 2007-02-14T00:00:00

Link: CVE-2006-7022

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-15T02:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-7022

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "fxapp-url-xss(27180)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18361"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fxapp-url-xss(27180)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18361"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:05.835Z"}, "title": "CVE Program Container", "references": [{"name": "fxapp-url-xss(27180)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"name": "2251", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2251"}, {"name": "20060610 fx-APP Version 0.0.8.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"name": "18361", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18361"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7022", "datePublished": "2007-02-15T02:00:00", "dateReserved": "2007-02-14T00:00:00", "dateUpdated": "2024-08-07T20:50:05.835Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fx-app:fx-app:0.0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5EE4BD03-8E06-41D4-B572-85B34EBFF9F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe."}, {"lang": "es", "value": "El m\u00f3dulo Tools en fx-APP 0.0.8.1 permite a atacantes remotos deformar el contenido de una pagina web a trav\u00e9s de una URL de su elecci\u00f3n en el par\u00e1metro url en la acci\u00f3n showhtml para index.php, lo caul provoca que la URL se muestre dentro de un iframe."}], "id": "CVE-2006-7022", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-15T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2251"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18361"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436691/30/4500/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27180"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}