Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.
References
Configurations
History
21 Nov 2024, 00:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityreason.com/securityalert/552 - | |
References | () http://www.osvdb.org/23812 - | |
References | () http://www.osvdb.org/23813 - | |
References | () http://www.securityfocus.com/archive/1/426874/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/16956 - | |
References | () http://www.securityfocus.com/bid/16969 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/25090 - |
Information
Published : 2006-03-10 02:02
Updated : 2024-11-21 00:08
NVD link : CVE-2006-1133
Mitre link : CVE-2006-1133
CVE.ORG link : CVE-2006-1133
JSON object : View
Products Affected
vbzoom
- vbzoom
CWE