Vulnerabilities > CVE-2006-2632 - HTML Injection vulnerability in ByteHoard

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

andrew-godwin

NVD

Published: 2006-05-30

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.

Vulnerable Configurations

Part	Description	Count
Application	Andrew_Godwin Andrew Godwin Bytehoard 2.0.0 Andrew Godwin Bytehoard 2.0.1 Andrew Godwin Bytehoard 2.0.2 Andrew Godwin Bytehoard 2.0.3 Andrew Godwin Bytehoard 2.0.4 Andrew Godwin Bytehoard 2.0.5 Andrew Godwin Bytehoard 2.0_Beta1 Andrew Godwin Bytehoard 2.0_Beta2 Andrew Godwin Bytehoard 2.1_Alpha Andrew Godwin Bytehoard 2.1_Beta Andrew Godwin Bytehoard 2.1_Delta Andrew Godwin Bytehoard 2.1_Gamma	12

References

http://secunia.com/advisories/20304
http://securityreason.com/securityalert/968
http://sourceforge.net/forum/forum.php?forum_id=576219
http://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199
http://www.securityfocus.com/archive/1/435135/100/0/threaded
http://www.securityfocus.com/bid/18136
http://www.vupen.com/english/advisories/2006/2033
https://exchange.xforce.ibmcloud.com/vulnerabilities/26704