Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2066

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2066
Last Modified 31 Jul 2013 10:34:34
Published 02 May 2008 07:20:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2066

Summary

Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

Vulnerable Systems

Application

  • Minibb 2.2a


References

XF - minibb-bbadmin-xss(42076)

BID - 28957

BUGTRAQ - 20080428 Minibb 2.2a XSS Vulnerability

SREASON - 3846

SECUNIA - 30004

MISC - https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/

BID - 61116

CONFIRM - http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html

CONFIRM - http://www.minibb.com/download.php?file=minibb_update

FULLDISC - 20130711 XSS and SQL Injection Vulnerabilities in MiniBB

OSVDB - 95122


Last Updated: 27 May 2016 11:02:42