{"api_version":"1","generated_at":"2026-07-12T06:25:02+00:00","cve":"CVE-2006-2986","urls":{"html":"https://cve.report/CVE-2006-2986","api":"https://cve.report/api/cve/CVE-2006-2986.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2986","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2986"},"summary":{"title":"CVE-2006-2986","description":"Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-13 01:02:00","updated_at":"2018-10-18 16:45:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/20533","name":"20533","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - vSCAL / vsREAL Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436411/100/0/threaded","name":"20060607 Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1084","name":"1084","refsource":"SREASON","tags":[],"title":"Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2238","name":"ADV-2006-2238","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27095","name":"vscal-vsreal-index-myslideshow-xss(27095)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18350","name":"18350","refsource":"BID","tags":[],"title":"Baby Katie Media VSReal and VScal Multiple Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2986","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2986","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2986","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"baby_katie_media","cpe5":"very_simple_car_lister","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2986","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"baby_katie_media","cpe5":"very_simple_car_lister","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2986","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"baby_katie_media","cpe5":"very_simple_realty_lister","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2986","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"baby_katie_media","cpe5":"very_simple_realty_lister","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2986","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-2238","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2238"},{"name":"20533","refsource":"SECUNIA","url":"http://secunia.com/advisories/20533"},{"name":"18350","refsource":"BID","url":"http://www.securityfocus.com/bid/18350"},{"name":"1084","refsource":"SREASON","url":"http://securityreason.com/securityalert/1084"},{"name":"20060607 Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436411/100/0/threaded"},{"name":"vscal-vsreal-index-myslideshow-xss(27095)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27095"}]}},"nvd":{"publishedDate":"2006-06-13 01:02:00","lastModifiedDate":"2018-10-18 16:45:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:baby_katie_media:very_simple_car_lister:1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:baby_katie_media:very_simple_realty_lister:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2986","Ordinal":"18306","Title":"CVE-2006-2986","CVE":"CVE-2006-2986","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2986","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2986","Ordinal":"2","NoteData":"2006-06-12","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2986","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}