Vulnerability Description
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmb Software | Xmb Forum | 1.9.5 |
References
- http://www.securityfocus.com/archive/1/430432/100/0/threaded
- http://www.securityfocus.com/bid/17445
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25737
- http://www.securityfocus.com/archive/1/430432/100/0/threaded
- http://www.securityfocus.com/bid/17445
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25737
FAQ
What is CVE-2006-1748?
CVE-2006-1748 is a vulnerability with a CVSS score of 2.6 (LOW). Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which...
How severe is CVE-2006-1748?
CVE-2006-1748 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1748?
Check the references section above for vendor advisories and patch information. Affected products include: Xmb Software Xmb Forum.