CVE-2006-2066

Properties

Published:
26.04.2006
Updated:
28.04.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    MKPortal: MKPortal

    Vulnerability description

    Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.

    References:

    BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/431759/100/0/threaded
    http://www.nukedx.com/?viewdoc=26: http://www.nukedx.com/?viewdoc=26
    FRSIRT: http://www.frsirt.com/english/advisories/2006/1485
    SECTRACK: http://securitytracker.com/id?1015977
    SECUNIA: http://secunia.com/advisories/19786