Vulnerabilities > CVE-2006-2167 - HTML Injection vulnerability in Sloughflash Sf-Users 1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

sloughflash

NVD

Published: 2006-05-04

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

Vulnerable Configurations

Part	Description	Count
Application	Sloughflash Sloughflash SF Users 1.0	1

References

http://secunia.com/advisories/19932
http://securityreason.com/securityalert/831
http://www.securityfocus.com/archive/1/432727/100/0/threaded
http://www.securityfocus.com/bid/17783
http://www.vupen.com/english/advisories/2006/1637
https://exchange.xforce.ibmcloud.com/vulnerabilities/26215