Unrated severityNVD Advisory· Published Jul 18, 2006· Updated Apr 6, 2026

CVE-2006-3607

Description

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.

Affected products

Softbizscripts/Banner Exchange Script
cpe:2.3:a:softbizscripts:banner_exchange_script:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ellsec.org/print.phpnvdExploitURL Repurposed
exchange.xforce.ibmcloud.com/vulnerabilities/27460nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/27461nvdThird Party Advisory
www.securityfocus.com/archive/1/438705/100/200/threadednvdBroken Link
www.securityfocus.com/bid/18735nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000