{"api_version":"1","generated_at":"2026-04-09T23:38:02+00:00","cve":"CVE-2006-4964","urls":{"html":"https://cve.report/CVE-2006-4964","api":"https://cve.report/api/cve/CVE-2006-4964.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-4964","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-4964"},"summary":{"title":"CVE-2006-4964","description":"Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-09-23 10:07:00","updated_at":"2011-03-08 02:42:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2006/3732","name":"ADV-2006-3732","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/jp/JVN%2346630603/index.html","name":"JVN#46630603","refsource":"JVN","tags":[],"title":"JVN#46630603: MDPro におけるクロスサイトスクリプティングの脆弱性","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"http://secunia.com/advisories/22050","name":"22050","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"MAXdev MD-Pro Cross-Site Scripting Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml","name":"http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml","refsource":"CONFIRM","tags":["Patch"],"title":"MAXdev :: MDPro, the most easy to use and feature rich GPL Content Management System.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.maxdev.com/Article605.phtml","name":"http://www.maxdev.com/Article605.phtml","refsource":"CONFIRM","tags":["Patch"],"title":"Security fixes for MDPro 1.0.76 :: MAXdev :: MDPro, the most easy to use and feature rich GPL Content Management System.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/20133","name":"20133","refsource":"BID","tags":["Patch"],"title":"MAXdev MD-Pro PnVarCleanFromInput Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://jvn.jp/jp/JVN#46630603/index.html","name":"JVN:JVN#46630603","refsource":"MITRE","tags":[],"title":"","mime":"text/plain","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-4964","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4964","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.72","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.75","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.72","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"1.0.75","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4964","vulnerable":"1","versionEndIncluding":"1.0.76","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"maxdev","cpe5":"md-pro","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-4964","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20133","refsource":"BID","url":"http://www.securityfocus.com/bid/20133"},{"name":"http://www.maxdev.com/Article605.phtml","refsource":"CONFIRM","url":"http://www.maxdev.com/Article605.phtml"},{"name":"ADV-2006-3732","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/3732"},{"name":"JVN#46630603","refsource":"JVN","url":"http://jvn.jp/jp/JVN%2346630603/index.html"},{"name":"http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml","refsource":"CONFIRM","url":"http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml"},{"name":"22050","refsource":"SECUNIA","url":"http://secunia.com/advisories/22050"}]}},"nvd":{"publishedDate":"2006-09-23 10:07:00","lastModifiedDate":"2011-03-08 02:42:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maxdev:md-pro:1.0.72:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maxdev:md-pro:1.0.75:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:maxdev:md-pro:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.76","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"4964","Ordinal":"20306","Title":"CVE-2006-4964","CVE":"CVE-2006-4964","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"4964","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"4964","Ordinal":"2","NoteData":"2006-09-23","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"4964","Ordinal":"3","NoteData":"2008-11-11","Type":"Other","Title":"Modified"}]}}}