Description
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Yunus Emre Yilmaz · textwebappsphp
https://www.exploit-db.com/exploits/27889
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/725
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26518
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1853
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/927
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434294/100/0/threaded
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25618
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20149
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25617
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18012
Scores
EPSS
0.1096
EPSS Percentile
93.5%
Details
Status
published
Products (6)
boastmachine/boastmachine
3.0
boastmachine/boastmachine
< 3.1
kailash_nadh/boastmachine
2.5
kailash_nadh/boastmachine
2.7
kailash_nadh/boastmachine
2.8
kailash_nadh/boastmachine
2.9b
Published
May 19, 2006
Tracked Since
Feb 18, 2026