Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2402

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2402
Last Modified 05 Sep 2008 04:44:02
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2402

Summary

Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.

Vulnerable Systems

Application

  • Yabb 1 Gold - Sp 1

  • Yabb 1 Gold - Sp 1.2

  • Yabb 1 Gold - Sp 1.3

  • Yabb 1 Gold - Sp 1.3.1

  • Yabb 1 Gold - Sp 1.3.2

  • Yabb 1 Gold Release

  • Yabb 1.40

  • Yabb 1.41

  • Yabb 2000-09-01

  • Yabb 2000-09-11


References

XF - yabb-board-xss(17452)

BID - 11215

OSVDB - 10242

SECUNIA - 12593

BUGTRAQ - 20040916 RE: www.proboards.com / YaBB XSS Vuln


Last Updated: 27 May 2016 10:39:28