Vulnerability Description
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sloughflash | Sf-Users | 1.0 |
References
- http://secunia.com/advisories/19932Vendor Advisory
- http://securityreason.com/securityalert/831
- http://www.securityfocus.com/archive/1/432727/100/0/threaded
- http://www.securityfocus.com/bid/17783
- http://www.vupen.com/english/advisories/2006/1637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26215
- http://secunia.com/advisories/19932Vendor Advisory
- http://securityreason.com/securityalert/831
- http://www.securityfocus.com/archive/1/432727/100/0/threaded
- http://www.securityfocus.com/bid/17783
- http://www.vupen.com/english/advisories/2006/1637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26215
FAQ
What is CVE-2006-2167?
CVE-2006-2167 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain ...
How severe is CVE-2006-2167?
CVE-2006-2167 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2167?
Check the references section above for vendor advisories and patch information. Affected products include: Sloughflash Sf-Users.