CVE-2006-4206

medium

Description

Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28352

http://www.securityfocus.com/bid/20335

http://www.securityfocus.com/archive/1/443035/100/0/threaded

http://www.osvdb.org/29232

http://securityreason.com/securityalert/1405

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206

Details

Source: Mitre, NVD

Published: 2006-08-17

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.07955