Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3306

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3306
Last Modified 07 Mar 2011 09:38:18
Published 28 Jun 2006 09:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3306

Summary

Cross-site scripting (XSS) vulnerability in the preparestring funtion in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vulnerable Systems

Application

  • Zoid Technologies Project Eros Bbsengine 2006-02-23

  • Zoid Technologies Project Eros Bbsengine 2006-04-29


References

BID - 18627

SECUNIA - 20760

XF - projecteros-common-xss(27407)

CONFIRM - http://www.zoidtechnologies.com/projects/bbsengine/ChangeLog

VUPEN - ADV-2006-2503


Last Updated: 27 May 2016 10:42:57