{"api_version":"1","generated_at":"2026-07-10T00:08:01+00:00","cve":"CVE-2006-2572","urls":{"html":"https://cve.report/CVE-2006-2572","api":"https://cve.report/api/cve/CVE-2006-2572.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2572","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2572"},"summary":{"title":"CVE-2006-2572","description":"Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-05-24 23:02:00","updated_at":"2018-10-19 15:46:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/18310","name":"18310","refsource":"BID","tags":[],"title":"DGbook HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/20201","name":"20201","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"DGBook \"index.php\" Multiple Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1942","name":"ADV-2006-1942","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436615/100/0/threaded","name":"20060609 Re: DGbook v1.0 - XSS","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26629","name":"dgbook-index-xss(26629)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/434869/100/0/threaded","name":"20060523 DGbook v1.0 - XSS","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/25732","name":"25732","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/948","name":"948","refsource":"SREASON","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2572","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2572","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2572","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dian_gemilang","cpe5":"dgbook","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2572","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dian_gemilang","cpe5":"dgbook","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2572","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"25732","refsource":"OSVDB","url":"http://www.osvdb.org/25732"},{"name":"20060609 Re: DGbook v1.0 - XSS","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436615/100/0/threaded"},{"name":"20060523 DGbook v1.0 - XSS","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/434869/100/0/threaded"},{"name":"18310","refsource":"BID","url":"http://www.securityfocus.com/bid/18310"},{"name":"20201","refsource":"SECUNIA","url":"http://secunia.com/advisories/20201"},{"name":"dgbook-index-xss(26629)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26629"},{"name":"948","refsource":"SREASON","url":"http://securityreason.com/securityalert/948"},{"name":"ADV-2006-1942","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1942"}]}},"nvd":{"publishedDate":"2006-05-24 23:02:00","lastModifiedDate":"2018-10-19 15:46:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dian_gemilang:dgbook:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2572","Ordinal":"17887","Title":"CVE-2006-2572","CVE":"CVE-2006-2572","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2572","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2572","Ordinal":"2","NoteData":"2006-05-24","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2572","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}