{"api_version":"1","generated_at":"2026-07-11T17:03:56+00:00","cve":"CVE-2006-3004","urls":{"html":"https://cve.report/CVE-2006-3004","api":"https://cve.report/api/cve/CVE-2006-3004.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3004","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3004"},"summary":{"title":"CVE-2006-3004","description":"Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-13 01:02:00","updated_at":"2017-07-20 01:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://securityreason.com/securityalert/1097","name":"1097","refsource":"SREASON","tags":[],"title":"SecurityReason - Ez Ringtone Manager from scriptez.net - XSS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27062","name":"ezringtone-player-xss(27062)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436424","name":"20060608 Ez Ringtone Manager from scriptez.net - XSS","refsource":"BUGTRAQ","tags":["Exploit"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20530","name":"20530","refsource":"SECUNIA","tags":["Exploit"],"title":"Secunia - Advisories - Ez Ringtone Manager Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18340","name":"18340","refsource":"BID","tags":[],"title":"ScriptsEZ Ez Ringtone Manager Player.PHP Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/2237","name":"ADV-2006-2237","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3004","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3004","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3004","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"scriptsez","cpe5":"ez_ringtone_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3004","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"scriptsez","cpe5":"ez_ringtone_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3004","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ezringtone-player-xss(27062)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27062"},{"name":"20530","refsource":"SECUNIA","url":"http://secunia.com/advisories/20530"},{"name":"1097","refsource":"SREASON","url":"http://securityreason.com/securityalert/1097"},{"name":"20060608 Ez Ringtone Manager from scriptez.net - XSS","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436424"},{"name":"18340","refsource":"BID","url":"http://www.securityfocus.com/bid/18340"},{"name":"ADV-2006-2237","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2237"}]}},"nvd":{"publishedDate":"2006-06-13 01:02:00","lastModifiedDate":"2017-07-20 01:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:scriptsez:ez_ringtone_manager:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3004","Ordinal":"18324","Title":"CVE-2006-3004","CVE":"CVE-2006-3004","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3004","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3004","Ordinal":"2","NoteData":"2006-06-12","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3004","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}