Unrated severityNVD Advisory· Published Jan 13, 2006· Updated Apr 16, 2026

CVE-2006-0194

Description

Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.

Affected products

Fog Creek Software/Fogbugz
cpe:2.3:a:fog_creek_software:fogbugz:*:*:*:*:*:*:*:*
Range: <=4.029

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/16216nvdPatch
secunia.com/advisories/18443nvd
www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.htmlnvd
www.osvdb.org/22370nvd
www.securityfocus.com/archive/1/421729/100/0/threadednvd
www.vupen.com/english/advisories/2006/0174nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24103nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000