CVE-2006-3245

Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.

Published: Jun 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3245
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mvnforum / mvnforum	1.0.0_beta3	1.0.0_beta3.x
mvnforum / mvnforum	1.0.0_rc3_01	1.0.0_rc3_01.x
mvnforum / mvnforum	1.0_ga	1.0_ga.x
mvnforum / mvnforum	1.0.0_beta2	1.0.0_beta2.x
mvnforum / mvnforum	1.0.0_rc1	1.0.0_rc1.x
mvnforum / mvnforum	1.0.0_rc4_04	1.0.0_rc4_04.x
mvnforum / mvnforum	1.0.0_rc4	1.0.0_rc4.x
mvnforum / mvnforum	1.0.0_beta1	1.0.0_beta1.x
mvnforum / mvnforum	1.0.0_rc2	1.0.0_rc2.x

http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html
http://secunia.com/advisories/20803
http://www.securityfocus.com/bid/18663
http://www.vupen.com/english/advisories/2006/2531
https://exchange.xforce.ibmcloud.com/vulnerabilities/27370

Vulnerability Database

289,871

CVE-2006-3245