CVE-2006-0437

Опубликовано: 06 фев. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:phpbb_group:phpbb:2.0.19:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00747

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2006-0437

ubuntu

больше 19 лет назад

CVE-2006-0437

debian

больше 19 лет назад

Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...

GHSA-7pmr-6668-vcpv

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00747

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other