PT-2006-3616 · Easy Content · Easy-Content Forums
Ajann
·
Publicado
2006-05-31
·
Atualizado
2018-10-18
·
CVE-2006-2696
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Easy-Content Forums version 1.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the
startletter parameter in "userview.asp" and the catid parameter in "topics.asp".Recommendations
For Easy-Content Forums version 1.0, avoid using the
startletter parameter in "userview.asp" and the catid parameter in "topics.asp" until a fix is available. Consider restricting access to these parameters to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Easy-Content Forums