cbcvebase.
CVE-2006-6447
published 2006-12-10

CVE-2006-6447: Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the…

PriorityP424medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
1.94%
77.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.

Affected

3 ranges
VendorProductVersion rangeFixed in
vt-forumvt-forum_lite<= 1.3
vt-forumvt-forum_lite
vt-forumvt-forum_lite
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.