PT-2006-1832 · Siteframe · Siteframe Beaumont

Kiki

Published

2006-02-19

Updated

2018-10-18

CVE-2006-0783

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Siteframe Beaumont versions 5.0.1a through 5.0.2

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the comment text parameter to the user comment page at the "/edit/Comment" API endpoint.

Recommendations For versions 5.0.1a through 5.0.2, as a temporary workaround, consider restricting access to the comment text parameter in the "/edit/Comment" API endpoint until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0783

Affected Products

Siteframe Beaumont

PT-2006-1832 · Siteframe · Siteframe Beaumont

CVE-2006-0783

Related Identifiers

Affected Products

References · 8