CVE-2006-1034

Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.

Published: Mar 7, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1034
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
woltlab / burning_board	2.4	2.4.x
woltlab / burning_board	2.7	2.7.x
woltlab / burning_board	1.1.1	1.1.1.x
woltlab / burning_board	2.0_beta_4	2.0_beta_4.x
woltlab / burning_board	2.2.2	2.2.2.x
woltlab / burning_board	2.3.3	2.3.3.x
woltlab / burning_board	2.3.1	2.3.1.x
woltlab / burning_board	2.0_beta_3	2.0_beta_3.x
woltlab / burning_board	2.5	2.5.x
woltlab / burning_board	2.6	2.6.x
woltlab / burning_board	2.0_rc1	2.0_rc1.x
woltlab / burning_board	2.0_beta_5	2.0_beta_5.x
woltlab / burning_board	2.0_rc2	2.0_rc2.x

http://www.securityfocus.com/bid/16843

Vulnerability Database

289,871

CVE-2006-1034