CVE-2006-0365 - Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers

CVE-2006-0365

Summary

Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.

References

Vulnerable Configurations

cpe:2.3:a:xmb_software:xmb_forum:*:*:*:*:*:*:*:*
cpe:2.3:a:xmb_software:xmb_forum:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-04-2021 - 15:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20060118 XMB Forum HTML Code Injection
osvdb	27920
xf	xmbforum-imgsrc-xss(24208)

statements via4

contributor
lastmodified	2008-12-11
organization	XMB
statement	This CVE is considered invalid because it provides neither a description nor a version number adequate to identity any vulnerability in XMB.

Last major update

29-04-2021 - 15:15

Published

22-01-2006 - 20:03

Last modified

29-04-2021 - 15:15