Vulnerabilities > CVE-2006-0407 - HTML Injection vulnerability in AZ Bulletin Board

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

azbb

exploit available

NVD

Published: 2006-01-25

Updated: 2018-10-19

Summary

Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.

Vulnerable Configurations

Part	Description	Count
Application	Azbb Azbb AZ Bulletin Board 1.0.0 Azbb AZ Bulletin Board 1.0.0Rc1 Azbb AZ Bulletin Board 1.0.0Rc2 Azbb AZ Bulletin Board 1.0.1 Azbb AZ Bulletin Board 1.0.2 Azbb AZ Bulletin Board 1.0.3 Azbb AZ Bulletin Board 1.0.4 Azbb AZ Bulletin Board 1.0.5 Azbb AZ Bulletin Board 1.0.6 Azbb AZ Bulletin Board 1.0.7 Azbb AZ Bulletin Board 1.0.8 Azbb AZ Bulletin Board 1.0.9 Azbb AZ Bulletin Board 1.0.10 Azbb AZ Bulletin Board 1.0.11 Azbb AZ Bulletin Board 1.0.12 Azbb AZ Bulletin Board 1.1.00	16

Exploit-Db

description	AZ Bulletin Board 1.0.x/1.1 Post.PHP HTML Injection Vulnerabilities. CVE-2006-0407. Webapps exploit for php platform
id	EDB-ID:27120
last seen	2016-02-03
modified	2006-01-23
published	2006-01-23
reporter	Roozbeh Afrasiabi
source	https://www.exploit-db.com/download/27120/
title	AZ Bulletin Board 1.0.x/1.1 Post.PHP HTML Injection Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References