PT-2006-3146 · Sloughflash · Sloughflash Sf-Users

Nomenumbra

Published

2006-05-04

Updated

2018-10-18

CVE-2006-2167

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SloughFlash SF-Users version 1.0

Description The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved by setting the username field to contain JavaScript in the SRC attribute of an IMG element, potentially in the register.php file.

Recommendations For SloughFlash SF-Users version 1.0, consider restricting the input for the username field to prevent injection of malicious scripts until a patch is available. As a temporary workaround, restrict access to the register.php file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2167

Affected Products

Sloughflash Sf-Users

PT-2006-3146 · Sloughflash · Sloughflash Sf-Users

CVE-2006-2167

Related Identifiers

Affected Products

References · 7