{"api_version":"1","generated_at":"2026-07-11T07:40:52+00:00","cve":"CVE-2006-2678","urls":{"html":"https://cve.report/CVE-2006-2678","api":"https://cve.report/api/cve/CVE-2006-2678.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2678","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2678"},"summary":{"title":"CVE-2006-2678","description":"Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-05-31 10:06:00","updated_at":"2018-10-18 16:41:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.osvdb.org/26069","name":"26069","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/996","name":"996","refsource":"SREASON","tags":[],"title":"SecurityReason - Pre News Manager v1.0","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26067","name":"26067","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.osvdb.org/26071","name":"26071","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/20284","name":"20284","refsource":"SECUNIA","tags":[],"title":"Pre News Manager Multiple SQL Injection Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18333","name":"18333","refsource":"BID","tags":[],"title":"Pre News Manager Multiple Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/26066","name":"26066","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26692","name":"prenewsmanager-multiple-xss(26692)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26072","name":"26072","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.osvdb.org/26068","name":"26068","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/1990","name":"ADV-2006-1990","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/435020/100/0/threaded","name":"20060524 Pre News Manager v1.0","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26070","name":"26070","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2678","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2678","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2678","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pre_projects","cpe5":"pre_news_manager","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2678","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pre_projects","cpe5":"pre_news_manager","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2678","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"26068","refsource":"OSVDB","url":"http://www.osvdb.org/26068"},{"name":"prenewsmanager-multiple-xss(26692)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26692"},{"name":"20060524 Pre News Manager v1.0","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/435020/100/0/threaded"},{"name":"996","refsource":"SREASON","url":"http://securityreason.com/securityalert/996"},{"name":"ADV-2006-1990","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1990"},{"name":"26070","refsource":"OSVDB","url":"http://www.osvdb.org/26070"},{"name":"20284","refsource":"SECUNIA","url":"http://secunia.com/advisories/20284"},{"name":"26069","refsource":"OSVDB","url":"http://www.osvdb.org/26069"},{"name":"26071","refsource":"OSVDB","url":"http://www.osvdb.org/26071"},{"name":"26072","refsource":"OSVDB","url":"http://www.osvdb.org/26072"},{"name":"18333","refsource":"BID","url":"http://www.securityfocus.com/bid/18333"},{"name":"26066","refsource":"OSVDB","url":"http://www.osvdb.org/26066"},{"name":"26067","refsource":"OSVDB","url":"http://www.osvdb.org/26067"}]}},"nvd":{"publishedDate":"2006-05-31 10:06:00","lastModifiedDate":"2018-10-18 16:41:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pre_projects:pre_news_manager:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2678","Ordinal":"17998","Title":"CVE-2006-2678","CVE":"CVE-2006-2678","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2678","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2678","Ordinal":"2","NoteData":"2006-05-31","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2678","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}