CVE-2006-2491

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.

Published: May 20, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2491
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
kailash_nadh / boastmachine	2.8	2.8.x
boastmachine / boastmachine	-	3.1.x
kailash_nadh / boastmachine	2.7	2.7.x
kailash_nadh / boastmachine	2.9b	2.9b.x
boastmachine / boastmachine	3.0	3.0.x
kailash_nadh / boastmachine	2.5	2.5.x

http://secunia.com/advisories/20149
http://securityreason.com/securityalert/725
http://securityreason.com/securityalert/927
http://www.osvdb.org/25617
http://www.osvdb.org/25618
http://www.securityfocus.com/archive/1/434294/100/0/threaded
http://www.securityfocus.com/bid/18012
http://www.vupen.com/english/advisories/2006/1853
https://exchange.xforce.ibmcloud.com/vulnerabilities/26518

Vulnerability Database

CVE-2006-2491