CVE-2006-3494

Buddy Zone 1.0.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

References (20)

[Vendor Advisory] http://secunia.com/advisories/20933

[Exploit] http://www.osvdb.org/26979

[Exploit] http://www.osvdb.org/26980

[Exploit] http://www.osvdb.org/26981

[Exploit] http://www.osvdb.org/26982

[Exploit] http://www.osvdb.org/26983

[Exploit] http://www.osvdb.org/26984

[Exploit] http://www.osvdb.org/26985

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/2645

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27514

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438868/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/440144/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18759

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26988

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26989

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26990

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26991

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26992

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26993

[Third Party Advisory] http://securityreason.com/securityalert/1209

Scores

EPSS 0.0815

EPSS Percentile 92.1%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

vastal_i-tech/buddy_zone < 1.0.1

Timeline

Published Jul 10, 2006

Tracked Since Feb 18, 2026