CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1748

Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.3%

CVSS Severity

CVSS v2 Score 2.6

References

http://www.securityfocus.com/archive/1/430432/100/0/threaded
http://www.securityfocus.com/bid/17445
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/25737
http://www.securityfocus.com/archive/1/430432/100/0/threaded
http://www.securityfocus.com/bid/17445
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/25737

Products affected by CVE-2006-1748

Xmb Software » Xmb Forum » Version: 1.9.5

cpe:2.3:a:xmb_software:xmb_forum:1.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1748

Products

Pricing

Contact Us