CVE-2006-1810: XSS
First published: Tue Apr 18 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealFlex RealWin | =0.5.5_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-1810?
CVE-2006-1810 is classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2006-1810?
To fix CVE-2006-1810, it's recommended to update FlexBB to the latest version or implement input validation and sanitization across the affected fields.
What are the affected fields in CVE-2006-1810?
CVE-2006-1810 affects multiple fields including ICQ, AIM, MSN, Google Talk, Website Name, Website Address, Email Address, Location, Signature, and Sub-Titles.
Who can exploit CVE-2006-1810?
CVE-2006-1810 can be exploited by remote attackers who can inject arbitrary web scripts or HTML into the affected fields.
What is FlexBB's version vulnerable to CVE-2006-1810?
The vulnerable version of FlexBB is 0.5.5 BETA.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/flexbb
- product/flexbb
- canonical/flexbb flexbb
- canonical/realflex realwin
- version/realflex realwin/0.5.5_beta