CVE-2006-3333

Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.

Published: Jul 1, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3333
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpoutsourcing / zorum	3.5	3.5.x

http://pridels0.blogspot.com/2006/06/zorum-forum-35-vuln.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/19598

Vulnerability Database

289,697

CVE-2006-3333