Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4665

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4665
Last Modified 07 Mar 2011 09:28:45
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4665

Summary

Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.

Vulnerable Systems

Application

  • Punbb 1.0

  • Punbb 1.0 Alpha

  • Punbb 1.0 Beta1

  • Punbb 1.0 Beta2

  • Punbb 1.0 Beta3

  • Punbb 1.0 Rc1

  • Punbb 1.0 Rc2

  • Punbb 1.0.1

  • Punbb 1.1

  • Punbb 1.1.1

  • Punbb 1.1.2

  • Punbb 1.1.3

  • Punbb 1.1.4

  • Punbb 1.1.5

  • Punbb 1.2.1

  • Punbb 1.2.2

  • Punbb 1.2.3

  • Punbb 1.2.4

  • Punbb 1.2.5

  • Punbb 1.2.6


References

BID - 14808

VUPEN - ADV-2005-1708

BUGTRAQ - 20060116 PunBB BBCode URL Tag Script Injection Vulnerability

BUGTRAQ - 20060117 Re: PunBB BBCode URL Tag Script Injection Vulnerability

CONFIRM - http://punbb.org/changelogs/1.2.6_to_1.2.7.txt

XF - punbb-bbcode-url-xss(22234)

OSVDB - 19382

SECUNIA - 16775

CONFIRM - http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt


Last Updated: 27 May 2016 10:42:36