Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6437

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6437
Last Modified 02 Apr 2009 01:43:30
Published 06 Mar 2009 01:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6437

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.

Vulnerable Systems

Application

  • Lukas Waldauf Phpfreeforum 1.0


References

XF - phpfreeforum-error-menu-xss(42586)

BID - 29337

BUGTRAQ - 20080522 PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability

SECUNIA - 30372

OSVDB - 45608

OSVDB - 45607


Last Updated: 27 May 2016 10:49:11