CVE-2006-3767

Publication date

2006-07-21 00:00:00

Family

mitre

State

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in showprofile.php in Darrens $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.