{"api_version":"1","generated_at":"2026-04-23T05:14:53+00:00","cve":"CVE-2006-4958","urls":{"html":"https://cve.report/CVE-2006-4958","api":"https://cve.report/api/cve/CVE-2006-4958.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-4958","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-4958"},"summary":{"title":"CVE-2006-4958","description":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.  NOTE: This information is based upon a vague initial disclosure.  Details will be updated as they become available.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-09-23 10:07:00","updated_at":"2018-10-17 21:40:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://securitytracker.com/id?1016900","name":"1016900","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Sun Secure Global Desktop Input Validation Holes Permit Cross-Site Scripting Attacks and Disclose System Information to Remote Users","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555","name":"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555","refsource":"MISC","tags":[],"title":"scip AG [Security - Consulting - Information - Process]","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/3739","name":"ADV-2006-3739","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29070","name":"sun-ssgd-unspecified-xss(29070)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/20135","name":"20135","refsource":"BID","tags":[],"title":"Sun Secure Global Desktop Unspecified Multiple Input Validation Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/22037","name":"22037","refsource":"SECUNIA","tags":[],"title":"Sun Secure Global Desktop Cross-Site Scripting Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29303","name":"sun-ssgd-xss(29303)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/446566/100/0/threaded","name":"20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1","name":"102650","refsource":"SUNALERT","tags":[],"title":"#102650: Cross-site Scripting Vulnerabilities in the Sun Secure Global Desktop Software","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2006-235 (SUN 102144, 102510, 102563, 102568, 102650)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1623","name":"1623","refsource":"SREASON","tags":[],"title":"SecurityReason - Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/20276","name":"20276","refsource":"BID","tags":[],"title":"Sun Secure Global Desktop Multiple Unspecified Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-4958","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4958","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"4958","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"secure_global_desktop","cpe6":"3.42","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4958","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"secure_global_desktop","cpe6":"4.0","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4958","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"secure_global_desktop","cpe6":"3.42","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4958","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"secure_global_desktop","cpe6":"4.0","cpe7":"*","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-4958","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.  NOTE: This information is based upon a vague initial disclosure.  Details will be updated as they become available."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1016900","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016900"},{"name":"sun-ssgd-unspecified-xss(29070)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29070"},{"name":"22037","refsource":"SECUNIA","url":"http://secunia.com/advisories/22037"},{"name":"20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/446566/100/0/threaded"},{"name":"20276","refsource":"BID","url":"http://www.securityfocus.com/bid/20276"},{"name":"sun-ssgd-xss(29303)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/29303"},{"name":"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555","refsource":"MISC","url":"http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm"},{"name":"102650","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1"},{"name":"1623","refsource":"SREASON","url":"http://securityreason.com/securityalert/1623"},{"name":"ADV-2006-3739","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/3739"},{"name":"20135","refsource":"BID","url":"http://www.securityfocus.com/bid/20135"}]}},"nvd":{"publishedDate":"2006-09-23 10:07:00","lastModifiedDate":"2018-10-17 21:40:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:secure_global_desktop:4.0:*:enterprise:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sun:secure_global_desktop:3.42:*:enterprise:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"4958","Ordinal":"20300","Title":"CVE-2006-4958","CVE":"CVE-2006-4958","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"4958","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.  NOTE: This information is based upon a vague initial disclosure.  Details will be updated as they become available.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"4958","Ordinal":"2","NoteData":"2006-09-23","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"4958","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}