Lucene search

[email protected]NVD:CVE-2006-2088

HistoryApr 29, 2006 - 10:02 a.m.

CVE-2006-2088

2006-04-2910:02:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

65.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).

Affected configurations

Nvd

Node

devsynopen_bulletin_boardMatch1.0.6

VendorProductVersionCPE
devsynopen_bulletin_board1.0.6cpe:2.3:a:devsyn:open_bulletin_board:1.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
devsyn	open_bulletin_board	1.0.6	cpe:2.3:a:devsyn:open_bulletin_board:1.0.6:::::::*

References

securityreason.com/securityalert/806

www.securityfocus.com/archive/1/432106/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26095

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

65.2%

JSON

Related for NVD:CVE-2006-2088

cvelist3 cve3 prion1 exploitdb1 nvd2 openvas1 nessus1