{"api_version":"1","generated_at":"2026-04-23T06:59:35+00:00","cve":"CVE-2006-2925","urls":{"html":"https://cve.report/CVE-2006-2925","api":"https://cve.report/api/cve/CVE-2006-2925.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2925","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2925"},"summary":{"title":"CVE-2006-2925","description":"Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to \"XSS exploits\" in administrator functionality.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-09 10:02:00","updated_at":"2017-07-20 01:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.ingate.com/relnote-441.php","name":"http://www.ingate.com/relnote-441.php","refsource":"CONFIRM","tags":["Patch"],"title":"Release notice for Ingate Firewall® 4.4.1 and Ingate SIParator® 4.4.1","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26978","name":"ingate-gui-xss(26978)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20479","name":"20479","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - Ingate Firewall and SIParator Two Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016244","name":"1016244","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Ingate Firewall Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2183","name":"ADV-2006-2183","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016245","name":"1016245","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Ingate SIParator Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2925","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2925","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"ingate_firewall","cpe6":"4.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"ingate_firewall","cpe6":"4.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"4.3.4","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"ingate_firewall","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"siparator","cpe6":"4.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"siparator","cpe6":"4.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2925","vulnerable":"1","versionEndIncluding":"4.3.4","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ingate","cpe5":"siparator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2925","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to \"XSS exploits\" in administrator functionality."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1016245","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016245"},{"name":"1016244","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016244"},{"name":"http://www.ingate.com/relnote-441.php","refsource":"CONFIRM","url":"http://www.ingate.com/relnote-441.php"},{"name":"ADV-2006-2183","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2183"},{"name":"20479","refsource":"SECUNIA","url":"http://secunia.com/advisories/20479"},{"name":"ingate-gui-xss(26978)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26978"}]}},"nvd":{"publishedDate":"2006-06-09 10:02:00","lastModifiedDate":"2017-07-20 01:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":4.9,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ingate:siparator:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ingate:siparator:4.3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ingate:ingate_firewall:4.3.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2925","Ordinal":"18245","Title":"CVE-2006-2925","CVE":"CVE-2006-2925","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2925","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to \"XSS exploits\" in administrator functionality.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2925","Ordinal":"2","NoteData":"2006-06-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2925","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}