Detections
Analytics

CVE-2006-1222

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25212

http://www.vupen.com/english/advisories/2006/0944

http://www.securityfocus.com/bid/17075

http://www.securityfocus.com/archive/1/427466/100/0/threaded

http://www.osvdb.org/23847

http://www.nzeo.com/bbs/zboard.php?id=cgi_bugreport2&no=5406

http://www.inetcop.org/upfiles/33INCSA.2006-0x82-029-zeroboard.pdf

http://secunia.com/advisories/19214

Details

Source: Mitre, NVD

Published: 2006-03-14

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00816