CVE-2006-6447 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vt-forum	Vt-forum Lite

Configuration 1 [-]

OR	cpe:2.3:a:vt-forum:vt-forum_lite:1.3:::::::*
	cpe:2.3:a:vt-forum:vt-forum_lite:1.5:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/23226
http://securityreason.com/securityalert/2011
http://www.securityfocus.com/archive/1/453452/100/0/threaded
http://www.securityfocus.com/bid/21428
http://www.vupen.com/english/advisories/2006/4850
https://exchange.xforce.ibmcloud.com/vulnerabilities/30725

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-10T21:00:00

Updated: 2024-08-07T20:26:46.476Z

Reserved: 2006-12-10T00:00:00

Link: CVE-2006-6447

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-10T21:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6447

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21428", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21428"}, {"name": "20061203 Vt-Forum Lite System V.1.3 Xss Vuln.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded"}, {"name": "2011", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2011"}, {"name": "vtforum-multiple-xss(30725)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725"}, {"name": "23226", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23226"}, {"name": "ADV-2006-4850", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4850"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6447", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21428", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21428"}, {"name": "20061203 Vt-Forum Lite System V.1.3 Xss Vuln.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded"}, {"name": "2011", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2011"}, {"name": "vtforum-multiple-xss(30725)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725"}, {"name": "23226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23226"}, {"name": "ADV-2006-4850", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4850"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.476Z"}, "title": "CVE Program Container", "references": [{"name": "21428", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21428"}, {"name": "20061203 Vt-Forum Lite System V.1.3 Xss Vuln.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded"}, {"name": "2011", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2011"}, {"name": "vtforum-multiple-xss(30725)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725"}, {"name": "23226", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23226"}, {"name": "ADV-2006-4850", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4850"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6447", "datePublished": "2006-12-10T21:00:00", "dateReserved": "2006-12-10T00:00:00", "dateUpdated": "2024-08-07T20:26:46.476Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vt-forum:vt-forum_lite:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F4E9D05F-5301-4FB6-B633-BA15DCE67704", "vulnerable": true}, {"criteria": "cpe:2.3:a:vt-forum:vt-forum_lite:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E8C18E09-7E53-4CEB-B054-78F5E08CA62D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Vt-Forum Lite 1.3 y 1.5 permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) StrMes en vf_info.asp y posiblemente (2) una URL en el atributo SRC de un elemento IFRAME que est\u00e1 sostenido por vf_newtopic.asp."}], "id": "CVE-2006-6447", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-10T21:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23226"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2011"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21428"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4850"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453452/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/21428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30725"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}