Vulnerabilities > CVE-2006-1133 - Cross-Site Scripting vulnerability in Vbzoom 1.11

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

vbzoom

exploit available

NVD

Published: 2006-03-10

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.

Vulnerable Configurations

Part	Description	Count
Application	Vbzoom Vbzoom Vbzoom 1.11	1

Exploit-Db

description	VBZooM Forum 1.11 contact.php UserID Parameter XSS. CVE-2006-1133. Webapps exploit for php platform
id	EDB-ID:27348
last seen	2016-02-03
modified	2006-03-04
published	2006-03-04
reporter	Mr.SNAKE
source	https://www.exploit-db.com/download/27348/
title	VBZooM Forum 1.11 contact.php UserID Parameter XSS

description	VBZooM Forum 1.11 comment.php UserID Parameter XSS. CVE-2006-1133. Webapps exploit for php platform
id	EDB-ID:27347
last seen	2016-02-03
modified	2006-03-04
published	2006-03-04
reporter	Mr.SNAKE
source	https://www.exploit-db.com/download/27347/
title	VBZooM Forum 1.11 comment.php UserID Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References