Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-1204
Last Modified 05 Sep 2008 05:01:17
Published 13 Mar 2006 08:06:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1204

Summary

Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php.

Vulnerable Systems

Application

  • Txtforum 1.0.4 Dev


References

BUGTRAQ - 20060309 txtForum: Multiple XSS Vulnerabilities

MISC - http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-003.txt

XF - txtforum-multiple-xss(25132)

BID - 17054

OSVDB - 23957

OSVDB - 23956

OSVDB - 23955

OSVDB - 23954

OSVDB - 23953


Last Updated: 27 May 2016 10:41:58