Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2109

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-2109
Last Modified 07 Mar 2011 09:35:16
Published 02 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2109

Summary

Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.

Vulnerable Systems

Application

  • Jsboard 2.0.10

  • Jsboard 2.0.11

  • Jsboard 2.0.7

  • Jsboard 2.0.8

  • Jsboard 2.0.9


References

MISC - https://www.klink.name/security/aklink-sa-2006-001-jsboard-xss.txt

VUPEN - ADV-2006-1636

XF - jsboard-login-xss(26211)

BID - 17778

BUGTRAQ - 20060502 JSBoard XSS vulnerability

OSVDB - 25222

SECUNIA - 19937


Last Updated: 27 May 2016 10:42:20