VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 29, 2006· Updated Apr 16, 2026

CVE-2006-3308

CVE-2006-3308

Description

Unspecified flaw in Project EROS bbsengine's wpprop code allows remote XSS via [img] tags, impacting versions before 20060622-0315.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified flaw in Project EROS bbsengine's wpprop code allows remote XSS via [img] tags, impacting versions before 20060622-0315.

Vulnerability

The wpprop code in Project EROS bbsengine contains an unspecified vulnerability related to the handling of [img] tags. It is likely a cross-site scripting (XSS) issue that allows remote injection. The affected versions are those prior to the 20060622-0315 release [1].

Exploitation

An attacker can exploit the issue remotely by crafting malicious [img] tags, potentially without requiring authentication. The exact sequence of steps is not detailed, but the attack vector is network-based and involves injecting the tags into content processed by the bbsengine [1].

Impact

Successful exploitation could lead to unauthorized actions in the context of a victim's session, such as data disclosure or session hijacking. The impact is categorized as unknown in the advisory, but due to the XSS nature, it could compromise confidentiality and integrity [1].

Mitigation

The fix was released on 2006-06-22 as version 20060622-0315. Users should upgrade to this version or later. No workaround is documented in the available reference [1].

References
  1. Project Eros

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Zoid Technologies/Project Eros Bbsengine9 versions
    cpe:2.3:a:zoid_technologies:project_eros_bbsengine:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:*:*:*:*:*:*:*:*range: <=2006-06-21
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-02-23:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-04-29:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-01:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-09:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-10:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-12:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-19:*:*:*:*:*:*:*
    • cpe:2.3:a:zoid_technologies:project_eros_bbsengine:2006-05-20:*:*:*:*:*:*:*
  • Project EROS/bbsenginellm-fuzzy
    Range: <20060622-0315

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.