CVE-2006-1230
published 2006-03-14
CVE-2006-1230: Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1)…
Priority P418 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 2.53% (82.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belchior_foundry | vcard | — | — |
| belchior_foundry | vcard | — | — |
| belchior_foundry | vcard | — | — |
GHSA
GHSA-2mf4-h3g6-2vrm: Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2006-2810 [MEDIUM] GHSA-2mf4-h3g6-2vrm: Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230.
GHSA
GHSA-3394-h5f6-fpwc: Multiple cross-site scripting (XSS) vulnerabilities in create
ghsa_unreviewed·2022-05-01
CVE-2006-1230 [MEDIUM] CWE-79 GHSA-3394-h5f6-fpwc: Multiple cross-site scripting (XSS) vulnerabilities in create
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6.
http://secunia.com/advisories/19216
http://securitytracker.com/id?1016183
http://www.osvdb.org/23838
http://www.securityfocus.com/archive/1/427408/100/0/threaded
http://www.securityfocus.com/archive/1/435310/100/0/threaded
http://www.securityfocus.com/archive/1/461922/100/0/threaded
http://www.securityfocus.com/bid/17073
http://www.securityfocus.com/bid/22819
http://www.vupen.com/english/advisories/2006/0945
https://exchange.xforce.ibmcloud.com/vulnerabilities/25181
Published 2006-03-14