4.3

CVE-2006-0437

Exploit
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.6c
Phpbb GroupPhpbb Version2.0.6d
Phpbb GroupPhpbb Version2.0.7
Phpbb GroupPhpbb Version2.0.7a
Phpbb GroupPhpbb Version2.0.8
Phpbb GroupPhpbb Version2.0.8a
Phpbb GroupPhpbb Version2.0.9
Phpbb GroupPhpbb Version2.0.10
Phpbb GroupPhpbb Version2.0.11
Phpbb GroupPhpbb Version2.0.12
Phpbb GroupPhpbb Version2.0.13
Phpbb GroupPhpbb Version2.0.14
Phpbb GroupPhpbb Version2.0.15
Phpbb GroupPhpbb Version2.0.16
Phpbb GroupPhpbb Version2.0.17
Phpbb GroupPhpbb Version2.0.18
Phpbb GroupPhpbb Version2.0.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html
http://secunia.com/advisories/18693
Vendor Advisory
http://securityreason.com/achievement_securityalert/31
Exploit
http://securityreason.com/securityalert/406
http://www.osvdb.org/22928
http://www.vupen.com/english/advisories/2006/0445
https://exchange.xforce.ibmcloud.com/vulnerabilities/24497