CVE-2006-0124 - Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to i

CVE-2006-0124

Summary

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.

References

http://evuln.com/vulns/15/summary.html
http://secunia.com/advisories/18300
http://securitytracker.com/id?1015445
http://www.osvdb.org/22242
http://www.securityfocus.com/archive/1/420990/100/0/threaded
http://www.securityfocus.com/bid/16157
http://www.vupen.com/english/advisories/2006/0077

Vulnerable Configurations

cpe:2.3:a:adn_forum:adn_forum:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adn_forum:adn_forum:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adn_forum:adn_forum:1.0b:*:*:*:*:*:*:*
cpe:2.3:a:adn_forum:adn_forum:1.0b:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-10-2018 - 15:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16157
bugtraq	20060105 [eVuln] ADNForum Multiple Vulnerabilities
misc	http://evuln.com/vulns/15/summary.html
osvdb	22242
sectrack	1015445
secunia	18300
vupen	ADV-2006-0077

Last major update

19-10-2018 - 15:42

Published

09-01-2006 - 11:03

Last modified

19-10-2018 - 15:42