Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1431

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1431
Last Modified 11 Feb 2015 02:41:58
Published 10 Feb 2015 12:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1431

Summary

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."

Vulnerable Systems

Application

  • Phpbb 3.0.12


References

CONFIRM - https://wiki.phpbb.com/Release_Highlights/3.0.13

CONFIRM - https://tracker.phpbb.com/browse/PHPBB3-13531

CONFIRM - https://github.com/phpbb/phpbb/pull/3316

CONFIRM - https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e

XF - phpbb3-cve20151431-xss(100670)

BID - 72405

MLIST - [oss-security] 20150131 Re: CVE request: phpbb3 CSRF and CSS injection


Last Updated: 27 May 2016 11:07:46