CVE-2006-4206

2006-08-1721:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

JSON

Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.

References

nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206

securityreason.com/securityalert/1405

www.osvdb.org/29232

www.securityfocus.com/archive/1/443035/100/0/threaded

www.securityfocus.com/bid/20335

exchange.xforce.ibmcloud.com/vulnerabilities/28352