Unrated severityNVD Advisory· Published May 19, 2006· Updated Apr 16, 2026

CVE-2006-2491

Description

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.

Affected products

Kailash Nadh/Boastmachine6 versions
cpe:2.3:a:boastmachine:boastmachine:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:boastmachine:boastmachine:*:*:*:*:*:*:*:*range: <=3.1
- cpe:2.3:a:boastmachine:boastmachine:3.0:*:platinum:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20149nvdExploitVendor Advisory
www.osvdb.org/25617nvdExploit
www.osvdb.org/25618nvdExploit
www.securityfocus.com/bid/18012nvdExploit
securityreason.com/securityalert/725nvd
securityreason.com/securityalert/927nvd
www.securityfocus.com/archive/1/434294/100/0/threadednvd
www.vupen.com/english/advisories/2006/1853nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26518nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000