Arbitrary Script Injection in Ekinboard 1.0.3 via Profile ID and Post Titles

Arbitrary Script Injection in Ekinboard 1.0.3 via Profile ID and Post Titles

CVE-2005-3638 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.

Learn more about our Web App Pen Testing.