Vulnerabilities > CVE-2006-1661 - Cross-Site Scripting vulnerability in SK Soft SKForum
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description SKForum 1.x user.View.action userID Parameter XSS. CVE-2006-1661. Webapps exploit for php platform id EDB-ID:27573 last seen 2016-02-03 modified 2006-04-06 published 2006-04-06 reporter r0t source https://www.exploit-db.com/download/27573/ title SKForum 1.x user.View.action userID Parameter XSS description SKForum 1.x planning.View.action time Parameter XSS. CVE-2006-1661. Webapps exploit for php platform id EDB-ID:27572 last seen 2016-02-03 modified 2006-04-06 published 2006-04-06 reporter r0t source https://www.exploit-db.com/download/27572/ title SKForum 1.x planning.View.action time Parameter XSS description SKForum 1.x area.View.action areaID Parameter XSS. CVE-2006-1661. Webapps exploit for php platform id EDB-ID:27571 last seen 2016-02-03 modified 2006-04-06 published 2006-04-06 reporter r0t source https://www.exploit-db.com/download/27571/ title SKForum 1.x area.View.action areaID Parameter XSS
References
- http://pridels0.blogspot.com/2006/04/skforum-xss-vuln.html
- http://secunia.com/advisories/19484
- http://www.osvdb.org/24430
- http://www.osvdb.org/24431
- http://www.osvdb.org/24432
- http://www.securityfocus.com/bid/17389
- http://www.vupen.com/english/advisories/2006/1260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25641