CVE-2006-1034

Published: Mar 7, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.

Affected (13)

Products: Woltlab: Burning Board

Woltlab

1 product

Burning Board

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Woltlab Burning Board	Version 1.1.1
Woltlab Burning Board	Version 2.0_beta_3
Woltlab Burning Board	Version 2.0_beta_4
Woltlab Burning Board	Version 2.0_beta_5
Woltlab Burning Board	Version 2.0_rc1
Woltlab Burning Board	Version 2.0_rc2
Woltlab Burning Board	Version 2.2.2
Woltlab Burning Board	Version 2.3.1
Woltlab Burning Board	Version 2.3.3
Woltlab Burning Board	Version 2.4
Woltlab Burning Board	Version 2.5
Woltlab Burning Board	Version 2.6
Woltlab Burning Board	Version 2.7

References (2)

http://www.securityfocus.com/bid/16843

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/16843

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.