CVE-2006-0407
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/01/2006
Last modified:
03/04/2025
Description
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:azbb:az_bulletin_board:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.0rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.0rc2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:azbb:az_bulletin_board:1.0.12:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://kapda.ir/advisory-236.html
- http://secunia.com/advisories/18565
- http://www.securityfocus.com/archive/1/423353/100/0/threaded
- http://www.securityfocus.com/archive/1/423363/100/0/threaded
- http://www.securityfocus.com/archive/1/427076/100/0/threaded
- http://www.securityfocus.com/archive/1/427076/30/6510/threaded
- http://www.securityfocus.com/archive/1/427194/100/0/threaded
- http://www.securityfocus.com/bid/16351
- http://www.vupen.com/english/advisories/2006/0298
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24274
- http://kapda.ir/advisory-236.html
- http://secunia.com/advisories/18565
- http://www.securityfocus.com/archive/1/423353/100/0/threaded
- http://www.securityfocus.com/archive/1/423363/100/0/threaded
- http://www.securityfocus.com/archive/1/427076/100/0/threaded
- http://www.securityfocus.com/archive/1/427076/30/6510/threaded
- http://www.securityfocus.com/archive/1/427194/100/0/threaded
- http://www.securityfocus.com/bid/16351
- http://www.vupen.com/english/advisories/2006/0298
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24274