Vulnerabilities > CVE-2006-1661 - Cross-Site Scripting vulnerability in SK Soft SKForum

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sk-soft
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

Vulnerable Configurations

Part Description Count
Application
Sk_Soft
1

Exploit-Db

  • descriptionSKForum 1.x user.View.action userID Parameter XSS. CVE-2006-1661. Webapps exploit for php platform
    idEDB-ID:27573
    last seen2016-02-03
    modified2006-04-06
    published2006-04-06
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27573/
    titleSKForum 1.x user.View.action userID Parameter XSS
  • descriptionSKForum 1.x planning.View.action time Parameter XSS. CVE-2006-1661. Webapps exploit for php platform
    idEDB-ID:27572
    last seen2016-02-03
    modified2006-04-06
    published2006-04-06
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27572/
    titleSKForum 1.x planning.View.action time Parameter XSS
  • descriptionSKForum 1.x area.View.action areaID Parameter XSS. CVE-2006-1661. Webapps exploit for php platform
    idEDB-ID:27571
    last seen2016-02-03
    modified2006-04-06
    published2006-04-06
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27571/
    titleSKForum 1.x area.View.action areaID Parameter XSS