Vulnerabilities > CVE-2006-3321 - Cross-Site Injection vulnerability in OpenForum

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

2enetworx

NVD

Published: 2006-06-30

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.

Vulnerable Configurations

Part	Description	Count
Application	2Enetworx 2Enetworx Openforum *	1

References

http://pridels0.blogspot.com/2006/06/openforum-xss-vuln.html
http://www.osvdb.org/27623
http://www.securityfocus.com/bid/19266
https://exchange.xforce.ibmcloud.com/vulnerabilities/27361