Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1222

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-1222
Last Modified 07 Mar 2011 09:32:28
Published 14 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1222

Summary

Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.

Vulnerable Systems

Application

  • Zeroboard 4.1 Pl2

  • Zeroboard 4.1 Pl3

  • Zeroboard 4.1 Pl4

  • Zeroboard 4.1 Pl5

  • Zeroboard 4.1 Pl6

  • Zeroboard 4.1 Pl7


References

BID - 17075

BUGTRAQ - 20060312 [INetCop Security Advisory] zeroboard IP session bypass XSS vulnerability

SECUNIA - 19214

VUPEN - ADV-2006-0944

CONFIRM - http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406

MISC - http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf

XF - zeroboard-multiple-fields-xss(25212)

OSVDB - 23847


Last Updated: 27 May 2016 10:41:58