CVE-2006-2167

medium

Description

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26215

http://www.vupen.com/english/advisories/2006/1637

http://www.securityfocus.com/bid/17783

http://www.securityfocus.com/archive/1/432727/100/0/threaded

http://securityreason.com/securityalert/831

http://secunia.com/advisories/19932

Details

Source: Mitre, NVD

Published: 2006-05-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00507