CVE-2006-3909

2006-07-2722:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.027

Percentile

90.6%

JSON

Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.

References

secunia.com/advisories/21221

www.aria-security.net/advisory/wwwthreads.txt

www.osvdb.org/27542

www.securityfocus.com/archive/1/441191/100/0/threaded

www.securityfocus.com/bid/19177

www.vupen.com/english/advisories/2006/3005

exchange.xforce.ibmcloud.com/vulnerabilities/27997