{"api_version":"1","generated_at":"2026-07-06T16:33:29+00:00","cve":"CVE-2006-2851","urls":{"html":"https://cve.report/CVE-2006-2851","api":"https://cve.report/api/cve/CVE-2006-2851.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2851","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2851"},"summary":{"title":"CVE-2006-2851","description":"Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-06 20:06:00","updated_at":"2017-07-20 01:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://sourceforge.net/project/shownotes.php?release_id=422371","name":"http://sourceforge.net/project/shownotes.php?release_id=422371","refsource":"CONFIRM","tags":["Patch"],"title":"SourceForge.net: dotProject: Files","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://jvn.jp/jp/JVN%2397636431/index.html","name":"JVN#97636431","refsource":"JVN","tags":[],"title":"JVN#97636431: dotProject におけるクロスサイトスクリプティングの脆弱性","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26904","name":"dotproject-xss(26904)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20418","name":"20418","refsource":"SECUNIA","tags":["Exploit","Vendor Advisory"],"title":"dotProject Cross-Site Scripting Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2124","name":"ADV-2006-2124","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18275","name":"18275","refsource":"BID","tags":[],"title":"dotProject Unspecified Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://jvn.jp/jp/JVN#97636431/index.html","name":"JVN:JVN#97636431","refsource":"MITRE","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2851","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2851","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2851","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotproject","cpe5":"dotproject","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2851","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"18275","refsource":"BID","url":"http://www.securityfocus.com/bid/18275"},{"name":"dotproject-xss(26904)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26904"},{"name":"JVN#97636431","refsource":"JVN","url":"http://jvn.jp/jp/JVN%2397636431/index.html"},{"name":"http://sourceforge.net/project/shownotes.php?release_id=422371","refsource":"CONFIRM","url":"http://sourceforge.net/project/shownotes.php?release_id=422371"},{"name":"20418","refsource":"SECUNIA","url":"http://secunia.com/advisories/20418"},{"name":"ADV-2006-2124","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2124"}]}},"nvd":{"publishedDate":"2006-06-06 20:06:00","lastModifiedDate":"2017-07-20 01:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dotproject:dotproject:2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dotproject:dotproject:2.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dotproject:dotproject:2.0.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2851","Ordinal":"18171","Title":"CVE-2006-2851","CVE":"CVE-2006-2851","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2851","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2851","Ordinal":"2","NoteData":"2006-06-06","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2851","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}