CVE-2006-2497 - Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject

CVE-2006-2497

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.

References

http://secunia.com/advisories/20175
http://securityreason.com/securityalert/926
http://www.osvdb.org/25650
http://www.osvdb.org/25651
http://www.securityfocus.com/archive/1/434370/100/0/threaded
http://www.securityfocus.com/bid/18025
https://exchange.xforce.ibmcloud.com/vulnerabilities/26530

Vulnerable Configurations

cpe:2.3:a:aspbb:aspbb:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:aspbb:aspbb:0.5.2:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

bid	18025
bugtraq	20060518 AspBB Forum "profile.asp & default.asp" XSS Vulnerability
osvdb	25650 25651
secunia	20175
sreason	926
xf	aspbb-profile-default-xss(26530)

Last major update

18-10-2018 - 16:40

Published

20-05-2006 - 03:02

Last modified

18-10-2018 - 16:40