Unrated severityNVD Advisory· Published May 4, 2006· Updated Apr 16, 2026

CVE-2006-2167

Description

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

Affected products

Sloughflash/Sf Users
cpe:2.3:a:sloughflash:sf-users:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19932nvdVendor Advisory
securityreason.com/securityalert/831nvd
www.securityfocus.com/archive/1/432727/100/0/threadednvd
www.securityfocus.com/bid/17783nvd
www.vupen.com/english/advisories/2006/1637nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26215nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000