PT-2006-4167 · Unknown · Some Chess

Luny

Published

2006-06-28

Updated

2018-10-18

CVE-2006-3273

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Some Chess version 1.5 rc1

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the user parameter, specifically in the "New Name" field of the menu.php file.

Recommendations For version 1.5 rc1, avoid using the user parameter in the menu.php file until a fix is available. As a temporary workaround, consider restricting access to the menu.php file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3273

Affected Products

Some Chess

PT-2006-4167 · Unknown · Some Chess

CVE-2006-3273

Related Identifiers

Affected Products

References · 7