CVE-2006-4660

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28809

http://www.vupen.com/english/advisories/2006/3528

http://www.securityfocus.com/bid/19900

http://www.securityfocus.com/archive/1/445515/100/0/threaded

http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510

http://securityreason.com/securityalert/1523

http://secunia.com/advisories/21809

Details

Source: Mitre, NVD

Published: 2006-09-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00508