CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.

Published: Dec 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6844
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cmsmadesimple / cms_made_simple	1.0.2	1.0.2.x

http://securityreason.com/securityalert/2087
http://securitytracker.com/id?1017445
http://www.l0j1k.com/security/CMSMadeSimple_1.0.2_25Dec06.txt
http://www.securityfocus.com/archive/1/455306/100/0/threaded
http://www.securityfocus.com/bid/21756

Vulnerability Database

289,697

CVE-2006-6844