Vulnerabilities > CVE-2006-0958 - HTML Injection vulnerability in freeForum
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
zoneo-soft
Summary
Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/44571/EV0089.txt |
| id | PACKETSTORM:44571 |
| last seen | 2016-12-05 |
| published | 2006-03-11 |
| reporter | Aliaksandr Hartsuyeu |
| source | https://packetstormsecurity.com/files/44571/EV0089.txt.html |
| title | EV0089.txt |
References
- http://evuln.com/vulns/89/summary.html
- http://secunia.com/advisories/19020
- http://soft.zoneo.net/freeForum/changes.php
- http://www.securityfocus.com/archive/1/427321/100/0/threaded
- http://www.securityfocus.com/bid/16877
- http://www.vupen.com/english/advisories/2006/0759
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24925