Vulnerabilities > CVE-2006-1748 - Unspecified vulnerability in XMB Software XMB Forum 1.9.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Statements
| contributor | |
| lastmodified | 2008-12-11 |
| organization | XMB |
| statement | XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. A patch is also included in third service pack for version 1.9.8 only. All other versions of XMB are vulnerable until upgraded. Upgrades are available at http://www.xmbforum.com/ |
References
- http://www.securityfocus.com/archive/1/430432/100/0/threaded
- http://www.securityfocus.com/archive/1/430432/100/0/threaded
- http://www.securityfocus.com/bid/17445
- http://www.securityfocus.com/bid/17445
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25737