Vulnerabilities > CVE-2006-2088 - Cross-Site Scripting vulnerability in Devsyn Open Bulletin Board 1.0.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

devsyn

NVD

Published: 2006-04-29

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).

Vulnerable Configurations

Part	Description	Count
Application	Devsyn Devsyn Open Bulletin Board 1.0.6	1

References

http://securityreason.com/securityalert/806
http://www.securityfocus.com/archive/1/432106/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26095