PT-2006-7056 · Tforum · Vt-Forum Lite

St@Rext · Published 2006-12-10 · Updated 2018-10-17 · CVE-2006-6447

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Vt-Forum Lite versions 1.3 through 1.5

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the StrMes parameter in "vf info.asp" or possibly a URL in the SRC attribute of an IFRAME element submitted to "vf newtopic.asp".

Recommendations: For versions 1.3 and 1.5, consider restricting access to the vf info.asp and vf newtopic.asp pages until a fix is available. As a temporary workaround, avoid using the StrMes parameter in the "vf info.asp" page. Restrict the submission of URLs in the SRC attribute of IFRAME elements to the "vf newtopic.asp" page to minimize the risk of exploitation.


Related Identifiers: CVE-2006-6447

Affected Products: Vt-Forum Lite