CVE-2006-3607

Published: Jul 18, 2006Modified: Apr 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.

Affected (1)

Products: Softbizscripts: Banner Exchange Script

1 product

Banner Exchange Script

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Softbizscripts Banner Exchange Script	Version 1.0

References (10)

http://ellsec.org/print.php?type=N&item_id=141

Source: cve@mitre.org

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/438705/100/200/threaded

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/18735

Source: cve@mitre.org

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/27460

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27461

Source: cve@mitre.org

Third Party Advisory

http://ellsec.org/print.php?type=N&item_id=141

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/438705/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/18735

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/27460

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27461

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.