CVE-2006-1841 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.

Affected Software

Name	Vendor	Start Version	End Version
Boastmachine	Kailash_nadh	2.5 (including)	2.5 (including)
Boastmachine	Kailash_nadh	2.7 (including)	2.7 (including)
Boastmachine	Kailash_nadh	2.8 (including)	2.8 (including)
Boastmachine	Kailash_nadh	2.9b (including)	2.9b (including)

References

http://secunia.com/advisories/19711
http://www.securityfocus.com/archive/1/431120/100/0/threaded
http://www.securityfocus.com/bid/17550
http://www.vupen.com/english/advisories/2006/1375
https://exchange.xforce.ibmcloud.com/vulnerabilities/25914
http://secunia.com/advisories/19711
http://www.securityfocus.com/archive/1/431120/100/0/threaded
http://www.securityfocus.com/bid/17550
http://www.vupen.com/english/advisories/2006/1375
https://exchange.xforce.ibmcloud.com/vulnerabilities/25914

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1841
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html