CVE Vulnerabilities

CVE-2006-2808

Published: Jun 05, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra iframe tagname within that element, followed by a double >, which might bypass cleansing operations.

Affected Software

Name Vendor Start Version End Version
Htmlgear_guestgear Lycos * *

References