CVE-2006-1661

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25641

http://www.vupen.com/english/advisories/2006/1260

http://www.osvdb.org/24432

http://www.osvdb.org/24431

http://www.osvdb.org/24430

http://secunia.com/advisories/19484

http://pridels0.blogspot.com/2006/04/skforum-xss-vuln.html

Details

Source: Mitre, NVD

Published: 2006-04-07

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00738