Unrated severityNVD Advisory· Published May 2, 2006· Updated Apr 16, 2026

CVE-2006-2109

Description

Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.

Affected products

Jsboard/Jsboard5 versions
cpe:2.3:a:jsboard:jsboard:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:jsboard:jsboard:*:*:*:*:*:*:*:*range: <=2.0.11
- cpe:2.3:a:jsboard:jsboard:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.klink.name/security/aklink-sa-2006-001-jsboard-xss.txtnvdExploitPatchVendor Advisory
secunia.com/advisories/19937nvd
www.osvdb.org/25222nvd
www.securityfocus.com/archive/1/432714/100/0/threadednvd
www.securityfocus.com/bid/17778nvd
www.vupen.com/english/advisories/2006/1636nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26211nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000