CVE-2006-1841

Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.

Published: Apr 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1841
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kailash_nadh / boastmachine	2.8	2.8.x
kailash_nadh / boastmachine	2.7	2.7.x
kailash_nadh / boastmachine	2.9b	2.9b.x
kailash_nadh / boastmachine	2.5	2.5.x

http://secunia.com/advisories/19711
http://www.securityfocus.com/archive/1/431120/100/0/threaded
http://www.securityfocus.com/bid/17550
http://www.vupen.com/english/advisories/2006/1375
https://exchange.xforce.ibmcloud.com/vulnerabilities/25914

Vulnerability Database

CVE-2006-1841