NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-2815

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it.
Summary	Successful exploitation requires that the product is used in Mambo or Joomla!.
Publication Date	June 6, 2006, 2:02 a.m.
Registration Date	Jan. 29, 2021, 3:38 p.m.
Last Update	Oct. 19, 2018, 1:43 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:two_shoes_mambo_factory:simpleboard:1.1.0_stable:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046484.html	FULLDISC
2	http://secunia.com/advisories/20409	SECUNIA	Vendor Advisory
3	http://securityreason.com/securityalert/1030	SREASON
4	http://www.securityfocus.com/archive/1/435615/100/0/threaded	BUGTRAQ
5	http://www.securityfocus.com/bid/18251	BID
6	http://www.vupen.com/english/advisories/2006/2111	VUPEN	Vendor Advisory
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/27021	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html