Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0407
Last Modified 07 Mar 2011 09:29:59
Published 24 Jan 2006 09:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0407

Summary

Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.

Vulnerable Systems

Application

  • Azbb Az Bulletin Board 1.0.0

  • Azbb Az Bulletin Board 1.0.0rc1

  • Azbb Az Bulletin Board 1.0.0rc2

  • Azbb Az Bulletin Board 1.0.1

  • Azbb Az Bulletin Board 1.0.10

  • Azbb Az Bulletin Board 1.0.11

  • Azbb Az Bulletin Board 1.0.12

  • Azbb Az Bulletin Board 1.0.2

  • Azbb Az Bulletin Board 1.0.3

  • Azbb Az Bulletin Board 1.0.4

  • Azbb Az Bulletin Board 1.0.5

  • Azbb Az Bulletin Board 1.0.6

  • Azbb Az Bulletin Board 1.0.7

  • Azbb Az Bulletin Board 1.0.8

  • Azbb Az Bulletin Board 1.0.9

  • Azbb Az Bulletin Board 1.1.00


References

XF - azbulletinboard-post-xss(24274)

VUPEN - ADV-2006-0298

BID - 16351

BUGTRAQ - 20060309 Re: Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting

BUGTRAQ - 20060308 Re: [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting

BUGTRAQ - 20060128 [CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting

BUGTRAQ - 20060123 Azbb v1.1.00 Cross-Site Scripting

SECUNIA - 18565

MISC - http://kapda.ir/advisory-236.html


Last Updated: 27 May 2016 10:41:38