CVE-2006-2109

Sažetak

Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.

Reference

http://secunia.com/advisories/19937
http://www.osvdb.org/25222
http://www.securityfocus.com/archive/1/432714/100/0/threaded
http://www.securityfocus.com/bid/17778
http://www.vupen.com/english/advisories/2006/1636
https://exchange.xforce.ibmcloud.com/vulnerabilities/26211
https://www.klink.name/security/aklink-sa-2006-001-jsboard-xss.txt

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:38

Objavljeno

02-05-2006 - 10:02