Unrated severityNVD Advisory· Published Feb 28, 2006· Updated Apr 16, 2026

CVE-2006-0927

Description

Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.

Affected products

Jgs Xa/Jgs Gallery Addon
cpe:2.3:a:jgs-xa:jgs-gallery_addon:4.0:*:*:*:*:*:*:*
Woltlab/Burning Board8 versions
cpe:2.3:a:woltlab:burning_board:2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:woltlab:burning_board:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:woltlab:burning_board:2.3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nukedx.comnvdExploitVendor Advisory
www.securityfocus.com/bid/16810nvdVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2006-02/0615.htmlnvd
www.securityfocus.com/archive/1/425981/100/0/threadednvd
www.securityfocus.com/bid/16843nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24888nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000