CVE-2006-6174

N/A Unknown

Published: November 30, 2006 Modified: April 23, 2026

Description

Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://jvn.jp/jp/JVN%2347223461/index.html

Source: cve@mitre.org

http://secunia.com/advisories/23092

Source: cve@mitre.org

Vendor Advisory

http://sourceforge.net/forum/forum.php?forum_id=638868

Source: cve@mitre.org

Patch

http://www.osvdb.org/30701

Source: cve@mitre.org

http://www.osvdb.org/31993

Source: cve@mitre.org

http://www.securityfocus.com/bid/21321

Source: cve@mitre.org

http://www.tdiary.org/20061126.html

Source: cve@mitre.org

http://www.tdiary.org/download/tdiary.20061126.patch

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4722

Source: cve@mitre.org

http://jvn.jp/jp/JVN%2347223461/index.html