Vulnerabilities > CVE-2006-1748 - Unspecified vulnerability in XMB Software XMB Forum 1.9.5
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Statements
| contributor | |
| lastmodified | 2008-12-11 |
| organization | XMB |
| statement | XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. A patch is also included in third service pack for version 1.9.8 only. All other versions of XMB are vulnerable until upgraded. Upgrades are available at http://www.xmbforum.com/ |