Unrated severityNVD Advisory· Published May 2, 2006· Updated Jun 16, 2026
CVE-2006-2109
CVE-2006-2109
Description
Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:jsboard:jsboard:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:jsboard:jsboard:*:*:*:*:*:*:*:*range: <=2.0.11
- cpe:2.3:a:jsboard:jsboard:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:jsboard:jsboard:2.0.9:*:*:*:*:*:*:*
- (no CPE)range: <=2.0.11
Patches
Vulnerability mechanics
References
7- www.klink.name/security/aklink-sa-2006-001-jsboard-xss.txtnvdExploitPatchVendor Advisory
- secunia.com/advisories/19937nvd
- www.osvdb.org/25222nvd
- www.securityfocus.com/archive/1/432714/100/0/threadednvd
- www.securityfocus.com/bid/17778nvd
- www.vupen.com/english/advisories/2006/1636nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26211nvd
News mentions
0No linked articles in our index yet.