PT-2007-1468 · Webapp · Webapp

Published

2007-04-03

Updated

2008-09-05

CVE-2006-7190

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions WebAPP versions prior to 20060515

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function. This is related to the use of doubbctopic instead of doubbc.

Recommendations For versions prior to 20060515, update to version 20060515 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin/user-lib/topics.pl script until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-7190

Affected Products

Webapp

PT-2007-1468 · Webapp · Webapp

CVE-2006-7190

Related Identifiers

Affected Products

References · 3