CVE-2006-6020: XSS
First published: Tue Nov 21 2006(Updated: )
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TorrentFlux | =0.92 | |
| =0.92 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6020?
CVE-2006-6020 has a medium severity rating due to the potential for cross-site scripting attacks.
How do I fix CVE-2006-6020?
To fix CVE-2006-6020, ensure that input parameters are properly sanitized to prevent script injection.
What software is affected by CVE-2006-6020?
CVE-2006-6020 specifically affects Blog Torrent Preview version 0.92.
Can CVE-2006-6020 lead to data theft?
Yes, exploiting CVE-2006-6020 can allow attackers to steal cookies or session tokens through cross-site scripting.
Is CVE-2006-6020 still a risk today?
While CVE-2006-6020 is an older vulnerability, it can still pose a risk if the affected software is not patched.
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-historical
- vendor/blog torrent
- product/blog torrent preview
- canonical/blog torrent blog torrent preview
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- canonical/torrentflux
- version/torrentflux/0.92