CVE-2006-2227 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2227
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2227

Description: Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26245 SREASON http://securityreason.com/securityalert/849 SAID Secunia Advisory: SA19986 OSVDB 25256 CONFIRM http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/432950/100/0/threaded BID 17827

Return to the previous page.