Vulnerability Details CVE-2006-2167
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/19932
- http://securityreason.com/securityalert/831
- http://www.securityfocus.com/archive/1/432727/100/0/threaded
- http://www.securityfocus.com/bid/17783
- http://www.vupen.com/english/advisories/2006/1637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26215
- http://secunia.com/advisories/19932
- http://securityreason.com/securityalert/831
- http://www.securityfocus.com/archive/1/432727/100/0/threaded
- http://www.securityfocus.com/bid/17783
- http://www.vupen.com/english/advisories/2006/1637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26215
Products affected by CVE-2006-2167
-
cpe:2.3:a:sloughflash:sf-users:1.0