CVE-2006-0407 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.

Reference

http://kapda.ir/advisory-236.html http://secunia.com/advisories/18565 http://www.securityfocus.com/archive/1/423353/100/0/threaded http://www.securityfocus.com/archive/1/423363/100/0/threaded http://www.securityfocus.com/archive/1/427076/100/0/threaded http://www.securityfocus.com/archive/1/427076/30/6510/threaded http://www.securityfocus.com/archive/1/427194/100/0/threaded http://www.securityfocus.com/bid/16351 http://www.vupen.com/english/advisories/2006/0298 https://exchange.xforce.ibmcloud.com/vulnerabilities/24274

Share on: