Vulnerabilities > CVE-2006-3327 - Input Validation vulnerability in E-Cbd.Biz Custom Dating BIZ Dating Script 1.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
e-cbd-biz
Summary
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |