Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Userland | Manila | All versions |
References
- http://www.securityfocus.com/archive/1/431058/100/0/threaded
- http://www.securityfocus.com/bid/17563
- http://www.securityfocus.com/bid/17565
- http://www.securityfocus.com/archive/1/431058/100/0/threaded
- http://www.securityfocus.com/bid/17563
- http://www.securityfocus.com/bid/17565
FAQ
What is CVE-2006-1903?
CVE-2006-1903 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2...
How severe is CVE-2006-1903?
CVE-2006-1903 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1903?
Check the references section above for vendor advisories and patch information. Affected products include: Userland Manila.