XMB Forum Software
Subject: [Security < 1.9.10] CVE-2006-1748
Author: miqrogroove (XMB 1.9.12 Lead Developer)
posted on 5-10-2021 at 12:05 AM


Bug Source: XMB 1.8 through 1.9.9

Symptoms: ActionScript compromise (XSS)

Security Impact: High

ID: CVE-2006-1748

Fixed By: XMB 1.9.10 and later are not affected.

Discussion:

In 2006, a CVE was assigned to a public exploit against XMB relating to Flash technology. XMB staff found this information through the National Vulnerability Database in 2008, and determined XMB versions starting with 1.8 contained an unfiltered BBCode feature named "flash". This feature allowed arbitrary content to be injected inline with the body of any message or post, which would enable users and spammers to reveal private information and to misdirect other users. The Flash BBCode was removed permanently from XMB in version 1.9.10 to prevent anyone from using this feature. This change was also available in a service pack for version 1.9.8.

Recommendations:


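An added example, not part of the original post and not XMB's code: an audit of stored post bodies for leftover "flash" BBCode, next to an allowlist renderer that escapes HTML first and has no "flash" entry, so the tag stays inert text. The tag shape `[flash=...]...[/flash]`, the function names and the sample posts are assumptions constructed for illustration.

```python
import html
import re

# Assumed tag shape (not taken from the page): [flash]...[/flash] or [flash=...]...[/flash]
FLASH_RE = re.compile(r"\[flash(?:=[^\]]*)?\](.*?)\[/flash\]", re.I | re.S)

# Tags the renderer will convert; "flash" is deliberately absent.
ALLOWED = {"b": "strong", "i": "em", "u": "u"}
TAG_RE = re.compile(r"\[(/?)([a-z]+)\]", re.I)

def render_bbcode(text):
    """Escape all HTML first, then convert only allowlisted BBCode tags."""
    escaped = html.escape(text, quote=True)
    def swap(m):
        name = m.group(2).lower()
        if name not in ALLOWED:
            return m.group(0)  # unknown or removed tag stays as literal text
        return "<%s%s>" % (m.group(1), ALLOWED[name])
    return TAG_RE.sub(swap, escaped)

def audit_posts(posts):
    """Return (post_id, embedded target) for every leftover flash tag."""
    hits = []
    for post_id, body in posts:
        for m in FLASH_RE.finditer(body):
            hits.append((post_id, m.group(1).strip()))
    return hits

# Constructed sample posts (not real forum data).
SAMPLE_POSTS = [
    (101, "Welcome to the [b]board[/b]!"),
    (102, "Look: [flash=400x300]http://files.example/movie.swf[/flash]"),
    (103, "[FLASH]http://files.example/banner.swf[/FLASH] and <script>x</script>"),
]

if __name__ == "__main__":
    for post_id, target in audit_posts(SAMPLE_POSTS):
        print("post %d embeds %s" % (post_id, target))
    for _, body in SAMPLE_POSTS:
        print(render_bbcode(body))
```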