CVE-2006-1661
skforum < 1.5 - Cross-Site Scripting via areaID, time, and userID Parameters
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2006-1661. PoCs published by r0t.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in SKForum, where user-supplied input is not properly sanitized. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in SKForum, where user-supplied input is not properly sanitized. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
The provided text describes a cross-site scripting (XSS) vulnerability in SKForum, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the 'time' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in SKForum, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the 'areaID' parameter.