Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0927

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-0927
Last Modified 05 Sep 2008 05:00:35
Published 28 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0927

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.

Vulnerable Systems

Application

  • Jgs-xa Jgs-gallery Addon 4.0

  • Woltlab Burning Board 2.0

  • Woltlab Burning Board 2.0.3

  • Woltlab Burning Board 2.1.5

  • Woltlab Burning Board 2.2.1

  • Woltlab Burning Board 2.2.2

  • Woltlab Burning Board 2.2.3

  • Woltlab Burning Board 2.3.0

  • Woltlab Burning Board 2.3.1


References

BID - 16810

BUGTRAQ - 20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0)multiple XSS vulnerabilities

MISC - http://www.nukedx.com/?viewdoc=11

XF - wbb-jgsgallerymod-xss(24888)

BID - 16843

FULLDISC - 20060224 Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities


Last Updated: 27 May 2016 10:41:50