Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2167

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2167
Last Modified 07 Mar 2011 09:35:28
Published 04 May 2006 08:38:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2167

Summary

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

Vulnerable Systems

Application

  • Sloughflash Sf-users 1.0


References

VUPEN - ADV-2006-1637

BID - 17783

BUGTRAQ - 20060502 SF-Users V1.0 XSS injection

SECUNIA - 19932

XF - sfusers-register-xss(26215)

SREASON - 831


Last Updated: 27 May 2016 10:42:22