Vulnerability Description
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Darrens 5-Dollar Script Archive | Osdate | <= 1.1.7 |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-08/0285.html
- http://secunia.com/advisories/21103
- http://securitytracker.com/id?1016700
- http://www.securityfocus.com/archive/1/440490/100/0/threaded
- http://www.securityfocus.com/archive/1/440592/100/0/threaded
- http://www.securityfocus.com/bid/19034Exploit
- http://www.vupen.com/english/advisories/2006/2864
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27814
- http://archives.neohapsis.com/archives/bugtraq/2006-08/0285.html
- http://secunia.com/advisories/21103
- http://securitytracker.com/id?1016700
- http://www.securityfocus.com/archive/1/440490/100/0/threaded
- http://www.securityfocus.com/archive/1/440592/100/0/threaded
- http://www.securityfocus.com/bid/19034Exploit
- http://www.vupen.com/english/advisories/2006/2864
FAQ
What is CVE-2006-3767?
CVE-2006-3767 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attrib...
How severe is CVE-2006-3767?
CVE-2006-3767 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3767?
Check the references section above for vendor advisories and patch information. Affected products include: Darrens 5-Dollar Script Archive Osdate.