CVE-2006-4079

Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).

Published: Aug 11, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4079
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
deluxebb / deluxebb	1.05	1.05.x
deluxebb / deluxebb	1.0	1.0.x
deluxebb / deluxebb	1.07	1.07.x
deluxebb / deluxebb	-	1.08.x
deluxebb / deluxebb	1.06	1.06.x

http://securityreason.com/securityalert/1381
http://www.osvdb.org/27833
http://www.securityfocus.com/archive/1/442464/100/0/threaded
http://www.securityfocus.com/bid/19390
https://exchange.xforce.ibmcloud.com/vulnerabilities/28272

Vulnerability Database

CVE-2006-4079

Deep Security Visibility Without the Complexity