CVE-2006-3795 - Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers t

CVE-2006-3795

Summary

Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
http://secunia.com/advisories/21116
http://securityreason.com/securityalert/1254
http://www.securityfocus.com/archive/1/440435/100/0/threaded
http://www.securityfocus.com/bid/19052
http://www.vupen.com/english/advisories/2006/2879
https://exchange.xforce.ibmcloud.com/vulnerabilities/27836
https://exchange.xforce.ibmcloud.com/vulnerabilities/27837

Vulnerable Configurations

cpe:2.3:a:deluxebb:deluxebb:*:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:*:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	19052
bugtraq	20060718 DeluxeBB mutiple vulnerabilities
fulldisc	20060718 Advisory : DeluxeBB mutiple vulnerabilities
secunia	21116
sreason	1254
vupen	ADV-2006-2879
xf	deluxebb-header-xss(27837) deluxebb-misc-xss(27836)

Last major update

17-10-2018 - 21:30

Published

24-07-2006 - 12:19

Last modified

17-10-2018 - 21:30