{"api_version":"1","generated_at":"2026-06-20T11:45:38+00:00","cve":"CVE-2006-0180","urls":{"html":"https://cve.report/CVE-2006-0180","api":"https://cve.report/api/cve/CVE-2006-0180.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0180","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0180"},"summary":{"title":"CVE-2006-0180","description":"Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the \"Adding New Event\" page, and possibly other vectors, involving iframe tags.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-01-12 06:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/18417","name":"http://secunia.com/advisories/18417","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - CaLogic \"title\" New Event Script Insertion Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/22322","name":"http://www.osvdb.org/22322","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/422163/100/0/threaded","name":"http://www.securityfocus.com/archive/1/422163/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://evuln.com/vulns/24/summary.html","name":"http://evuln.com/vulns/24/summary.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"eVuln.com - CaLogic Calendars Multiple XSS Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0149","name":"http://www.vupen.com/english/advisories/2006/0149","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24077","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16206","name":"http://www.securityfocus.com/bid/16206","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CaLogic Calendars Add Event Multiple HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0180","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0180","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"180","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"calogic","cpe5":"calogic_calendars","cpe6":"1.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:25:34.102Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2006-0149","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/0149"},{"name":"calogic-newevent-xss(24077)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24077"},{"name":"20060116 [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/422163/100/0/threaded"},{"name":"16206","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/16206"},{"name":"22322","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/22322"},{"name":"18417","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18417"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://evuln.com/vulns/24/summary.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-01-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the \"Adding New Event\" page, and possibly other vectors, involving iframe tags."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-19T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ADV-2006-0149","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/0149"},{"name":"calogic-newevent-xss(24077)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24077"},{"name":"20060116 [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/422163/100/0/threaded"},{"name":"16206","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/16206"},{"name":"22322","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/22322"},{"name":"18417","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18417"},{"tags":["x_refsource_MISC"],"url":"http://evuln.com/vulns/24/summary.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-0180","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the \"Adding New Event\" page, and possibly other vectors, involving iframe tags."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-0149","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0149"},{"name":"calogic-newevent-xss(24077)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24077"},{"name":"20060116 [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/422163/100/0/threaded"},{"name":"16206","refsource":"BID","url":"http://www.securityfocus.com/bid/16206"},{"name":"22322","refsource":"OSVDB","url":"http://www.osvdb.org/22322"},{"name":"18417","refsource":"SECUNIA","url":"http://secunia.com/advisories/18417"},{"name":"http://evuln.com/vulns/24/summary.html","refsource":"MISC","url":"http://evuln.com/vulns/24/summary.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-0180","datePublished":"2006-01-12T11:00:00.000Z","dateReserved":"2006-01-12T00:00:00.000Z","dateUpdated":"2024-08-07T16:25:34.102Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-01-12 06:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:calogic:calogic_calendars:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B9F3A94B-F5D9-43CA-AB4E-6C4E7DB310D2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"180","Ordinal":"1","Title":"CVE-2006-0180","CVE":"CVE-2006-0180","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"180","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the \"Adding New Event\" page, and possibly other vectors, involving iframe tags.","Type":"Description","Title":"CVE-2006-0180"},{"CveYear":"2006","CveId":"180","Ordinal":"2","NoteData":"2006-01-12","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"180","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}