PT-2006-1474 · Az · Az Bulletin Board

Published

2006-01-25

Updated

2018-10-19

CVE-2006-0407

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions AZ Bulletin Board (AZbb) versions 1.1.00 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the nickname parameter and an iframe tag in the topic parameter.

Recommendations For AZ Bulletin Board (AZbb) versions 1.1.00 and earlier, as a temporary workaround, consider restricting user input for the nickname parameter and disabling the use of iframe tags in the topic parameter until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0407

Affected Products

Az Bulletin Board

PT-2006-1474 · Az · Az Bulletin Board

CVE-2006-0407

Related Identifiers

Affected Products

References · 12