CVE-2006-6996

Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: Feb 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6996
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
the_war_forge / warforge.news	1.0	1.0.x

http://secunia.com/advisories/19697
https://exchange.xforce.ibmcloud.com/vulnerabilities/25901

Vulnerability Database

291,049

CVE-2006-6996