Lucene search

[email protected]CVE-2006-0155

HistoryJan 10, 2006 - 11:03 a.m.

CVE-2006-0155

2006-01-1011:03:00

[email protected]

web.nvd.nist.gov

cve-2006-0155

cross-site scripting

xss

posts.php

427bb 2.2

427bb 2.2.1

javascript uri

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.

Affected configurations

NVD

Node

427bbfourtwosevenbbMatch2.2

427bbfourtwosevenbbMatch2.2.1

CPENameOperatorVersion
427bb:fourtwosevenbb427bb fourtwosevenbbeq2.2
427bb:fourtwosevenbb427bb fourtwosevenbbeq2.2.1

CPE	Name	Operator	Version
427bb:fourtwosevenbb	427bb fourtwosevenbb	eq	2.2
427bb:fourtwosevenbb	427bb fourtwosevenbb	eq	2.2.1

References

evuln.com/vulns/18/summary.html

secunia.com/advisories/18354

www.osvdb.org/22276

www.securityfocus.com/archive/1/421326/100/0/threaded

www.vupen.com/english/advisories/2006/0091

exchange.xforce.ibmcloud.com/vulnerabilities/24040

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2006-0155

nvd1 prion1 cvelist1