Lucene search
MitreCVE-2006-2167HistoryMay 04, 2006 - 12:38 p.m.
CVE-2006-2167
2006-05-0412:38:00
mitre
web.nvd.nist.gov
27
cve
2006
2167
cross-site scripting
xss
vulnerability
sloughflash
sf-users
register.php
remote attackers
web script
html
img element
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.006
Percentile
78.3%
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
Affected configurations
Node
sloughflashsf-usersMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sloughflash | sf-users | 1.0 | cpe:2.3:a:sloughflash:sf-users:1.0:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2006-2167
2006-05-04 12:38:00
cvelist
cvelist
CVE-2006-2167
2006-05-04 10:00:00
prion
prion
Cross site scripting
2006-05-04 12:38:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.006
Percentile
78.3%
Related for CVE-2006-2167