Vulnerabilities > CVE-2006-2741 - Input Validation vulnerability in tinyBB

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

epic-designs

NVD

Published: 2006-06-01

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Epic_Designs Epic Designs Tinybb *	1

References

http://securityreason.com/securityalert/1011
http://securitytracker.com/id?1016172
http://www.nukedx.com/?getxpl=33
http://www.nukedx.com/?viewdoc=33
http://www.securityfocus.com/archive/1/435281/100/0/threaded
http://www.securityfocus.com/bid/18147
https://exchange.xforce.ibmcloud.com/vulnerabilities/26829