CVE-2006-2143
TextFileBB 1.0.16 - Cross-Site Scripting via BBCode Tag Event Handlers
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2143. PoCs published by r0xes.
AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in TextFileBB 1.0.16 by injecting malicious scripts via unsanitized input in BBCode tags. The PoC includes examples of script injection through 'color', 'size', and 'url' tags, triggering alerts when hovered.
Description
Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
Exploits (1)
The exploit demonstrates multiple XSS vulnerabilities in TextFileBB 1.0.16 by injecting malicious scripts via unsanitized input in BBCode tags. The PoC includes examples of script injection through 'color', 'size', and 'url' tags, triggering alerts when hovered.