CVE-2006-6447

CVE-2006-6447

EPSS 1.9%

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/23226 http://securityreason.com/securityalert/2011 https://exchange.xforce.ibmcloud.com/vulnerabilities/30725 http://www.securityfocus.com/archive/1/453452/100/0/threaded http://www.securityfocus.com/bid/21428 http://www.vupen.com/english/advisories/2006/4850