Vulnerabilities > CVE-2006-1034 - Cross-Site Scripting vulnerability in Woltlab Burning Board
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.
Vulnerable Configurations
Exploit-Db
description Woltlab Burning Board 1.1.1/2.x galerie_onfly.php XSS. CVE-2006-1034. Webapps exploit for php platform id EDB-ID:27323 last seen 2016-02-03 modified 2006-02-27 published 2006-02-27 reporter botan source https://www.exploit-db.com/download/27323/ title Woltlab Burning Board 1.1.1/2.x galerie_onfly.php XSS description Woltlab Burning Board 1.1.1/2.x galerie_index.php username Parameter XSS. CVE-2006-1034. Webapps exploit for php platform id EDB-ID:27322 last seen 2016-02-03 modified 2006-02-27 published 2006-02-27 reporter botan source https://www.exploit-db.com/download/27322/ title Woltlab Burning Board 1.1.1/2.x galerie_index.php username Parameter XSS