{"api_version":"1","generated_at":"2026-07-10T18:20:53+00:00","cve":"CVE-2006-2885","urls":{"html":"https://cve.report/CVE-2006-2885","api":"https://cve.report/api/cve/CVE-2006-2885.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2885","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2885"},"summary":{"title":"CVE-2006-2885","description":"Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-07 10:02:00","updated_at":"2017-07-20 01:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26940","name":"knowledgetree-view-simplesearch-xss(26940)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html","name":"http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html","refsource":"MISC","tags":[],"title":"- UNSECURED SYSTEMS -: KnowledgeTree Open Source XSS vuln.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18324","name":"18324","refsource":"BID","tags":[],"title":"KnowledgeTree Open Source Cross-site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/26179","name":"26179","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/2157","name":"ADV-2006-2157","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26180","name":"26180","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/20455","name":"20455","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - KnowledgeTree Open Source Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2885","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2885","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2885","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"knowledgetree","cpe5":"knowledgetree","cpe6":"3.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2885","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"knowledgetree","cpe5":"knowledgetree","cpe6":"3.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2885","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"knowledgetree-view-simplesearch-xss(26940)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26940"},{"name":"20455","refsource":"SECUNIA","url":"http://secunia.com/advisories/20455"},{"name":"26179","refsource":"OSVDB","url":"http://www.osvdb.org/26179"},{"name":"ADV-2006-2157","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2157"},{"name":"http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html","refsource":"MISC","url":"http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html"},{"name":"18324","refsource":"BID","url":"http://www.securityfocus.com/bid/18324"},{"name":"26180","refsource":"OSVDB","url":"http://www.osvdb.org/26180"}]}},"nvd":{"publishedDate":"2006-06-07 10:02:00","lastModifiedDate":"2017-07-20 01:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:knowledgetree:knowledgetree:3.0.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2885","Ordinal":"18205","Title":"CVE-2006-2885","CVE":"CVE-2006-2885","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2885","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2885","Ordinal":"2","NoteData":"2006-06-07","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2885","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}