Vulnerabilities > CVE-2006-1841 - Cross-Site Scripting vulnerability in BoastMachine Search.PHP

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

kailash-nadh

NVD

Published: 2006-04-19

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.

Vulnerable Configurations

Part	Description	Count
Application	Kailash_Nadh Kailash Nadh Boastmachine 2.5 Kailash Nadh Boastmachine 2.7 Kailash Nadh Boastmachine 2.8 Kailash Nadh Boastmachine 2.9B	4

References

http://secunia.com/advisories/19711
http://www.securityfocus.com/archive/1/431120/100/0/threaded
http://www.securityfocus.com/bid/17550
http://www.vupen.com/english/advisories/2006/1375
https://exchange.xforce.ibmcloud.com/vulnerabilities/25914