CVE-2006-3539
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
13/07/2006
Last modified:
03/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:dkscript:dragons_kingdom_script:1.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/20662
- http://www.securityfocus.com/archive/1/437753/100/0/threaded
- http://www.securityfocus.com/bid/18535
- http://www.vupen.com/english/advisories/2006/2439
- http://www.youfucktard.com/xsp/dragking1.jpg
- http://www.youfucktard.com/xsp/dragking2.jpg
- http://www.youfucktard.com/xsp/dragking3.jpg
- http://www.youfucktard.com/xsp/dragking4.jpg
- http://www.youfucktard.com/xsp/dragking5.jpg
- http://www.youfucktard.com/xsp/dragking6.jpg
- http://www.youfucktard.com/xsp/dragking7.jpg
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27390