Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0730

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0730
Last Modified 05 Sep 2008 04:39:14
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0730

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a


References

BUGTRAQ - 20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]

XF - phpbb-lang-bbcode-xss(16726)

XF - phpbb-lang-faq-xss(16725)

XF - phpbb-indexphp-xss(16724)

MISC - http://www.waraxe.us/index.php?modname=sa&id=34

BID - 10738


Last Updated: 27 May 2016 10:38:44