PT-2006-5799 · Jamroom · Jamroom
Meto5757
·
Publicado
2006-09-28
·
Atualizado
2018-10-17
·
CVE-2006-5060
CVSS v2.0
5.1
Média
| Vetor | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jamroom versions 3.0.16 and earlier
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
forgot parameter in the forgot mode of the login.php file.Recommendations
For Jamroom versions 3.0.16 and earlier, update to a version that fixes this issue, as using the forgot parameter in the forgot mode of the login.php file poses a risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jamroom