Vulnerabilities > CVE-2006-2497 - Cross-Site Scripting vulnerability in Aspbb 0.5.2

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
aspbb
exploit available
NVD
Published: 2006-05-20
Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.

Vulnerable Configurations

Part Description Count
Application
Aspbb
1

Exploit-Db

  • descriptionASPBB 0.5.2 default.asp action Parameter XSS. CVE-2006-2497. Webapps exploit for asp platform
    idEDB-ID:27896
    last seen2016-02-03
    modified2006-05-18
    published2006-05-18
    reporterTeufeL
    sourcehttps://www.exploit-db.com/download/27896/
    titleASPBB 0.5.2 default.asp action Parameter XSS
  • descriptionASPBB 0.5.2 profile.asp get Parameter XSS. CVE-2006-2497. Webapps exploit for asp platform
    idEDB-ID:27897
    last seen2016-02-03
    modified2006-05-18
    published2006-05-18
    reporterTeufeL
    sourcehttps://www.exploit-db.com/download/27897/
    titleASPBB 0.5.2 profile.asp get Parameter XSS

References