ID CVE-2006-3169
Summary Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. Update to version 0.82.
References
Vulnerable Configurations
  • cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure
confirm http://www.comscripts.com/scripts/php.cs-forum.643.html
misc http://www.acid-root.new.fr/advisories/csforum081.txt
osvdb
  • 26379
  • 26380
secunia 20534
sreason 1124
vupen ADV-2006-2314
xf csforum-read-ajouter-xss(27175)
Last major update 18-10-2018 - 16:46
Published 23-06-2006 - 00:02
Last modified 18-10-2018 - 16:46