Vulnerabilities > CVE-2006-6447 - Cross-Site Scripting vulnerability in Vt-Forum Lite 1.3/1.5

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

vt-forum

exploit available

NVD

Published: 2006-12-10

Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.

Vulnerable Configurations

Part	Description	Count
Application	Vt-Forum VT Forum VT Forum Lite 1.3 VT Forum VT Forum Lite 1.5	2

Exploit-Db

description	Vt-Forum Lite 1.3 vf_info.asp StrMes Parameter XSS. CVE-2006-6447. Webapps exploit for asp platform
id	EDB-ID:29227
last seen	2016-02-03
modified	2006-12-04
published	2006-12-04
reporter	St@rExT
source	https://www.exploit-db.com/download/29227/
title	Vt-Forum Lite 1.3 vf_info.asp StrMes Parameter XSS

description	Vt-Forum Lite 1.3 vf_newtopic.asp IFRAME Element XSS. CVE-2006-6447. Webapps exploit for asp platform
id	EDB-ID:29228
last seen	2016-02-03
modified	2006-12-04
published	2006-12-04
reporter	St@rExT
source	https://www.exploit-db.com/download/29228/
title	Vt-Forum Lite 1.3 vf_newtopic.asp IFRAME Element XSS

Summary

Vulnerable Configurations

Exploit-Db

References