CVE-2006-6089 - Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote at

CVE-2006-6089

Summary

Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.

References

http://s-a-p.ca/index.php?page=OurAdvisories&id=35
http://www.securityfocus.com/bid/21111
http://secunia.com/advisories/22943
http://securityreason.com/securityalert/1913
http://www.vupen.com/english/advisories/2006/4579
https://exchange.xforce.ibmcloud.com/vulnerabilities/30344
http://www.securityfocus.com/archive/1/451846/100/100/threaded

Vulnerable Configurations

cpe:2.3:a:baalasp:baalasp_forum:*:*:*:*:*:*:*:*
cpe:2.3:a:baalasp:baalasp_forum:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	21111
bugtraq	20061115 BaalAsp forum [login bypass ,injections sql(post), xss(post)]
misc	http://s-a-p.ca/index.php?page=OurAdvisories&id=35
secunia	22943
sreason	1913
vupen	ADV-2006-4579
xf	baalasp-addpost1-xss(30344)

Last major update

14-02-2024 - 01:17

Published

24-11-2006 - 18:07

Last modified

14-02-2024 - 01:17