Vulnerabilities > CVE-2006-2188 - HTML Injection vulnerability in CmScout

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

cmscout

NVD

Published: 2006-05-04

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. This vulnerability is addressed in the following product release: CMScout, CMScout, 1.21

Vulnerable Configurations

Part	Description	Count
Application	Cmscout Cmscout Cmscout - Cmscout Cmscout 1.00 Cmscout Cmscout 1.01 Cmscout Cmscout 1.02 Cmscout Cmscout 1.02.1 Cmscout Cmscout 1.10	7

References

http://secunia.com/advisories/19933
http://securityreason.com/securityalert/838
http://securitytracker.com/id?1016023
http://www.osvdb.org/25246
http://www.osvdb.org/25247
http://www.securityfocus.com/archive/1/432725/100/0/threaded
http://www.securityfocus.com/bid/17796
https://exchange.xforce.ibmcloud.com/vulnerabilities/26223