CVE-2006-2167

2006-05-0410:00:00

mitre

www.cve.org

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

References

secunia.com/advisories/19932

securityreason.com/securityalert/831

www.securityfocus.com/archive/1/432727/100/0/threaded

www.securityfocus.com/bid/17783

www.vupen.com/english/advisories/2006/1637

exchange.xforce.ibmcloud.com/vulnerabilities/26215