Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2198

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-2198
Last Modified 04 Mar 2015 02:13:39
Published 03 Mar 2015 02:59:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2198

Summary

Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.

Vulnerable Systems

Application

  • Beehive Forum 1.4.4


References

EXPLOIT-DB - 36154

CONFIRM - http://sourceforge.net/p/beehiveforum/news/2015/02/beehive-forum-145-released/


Last Updated: 27 May 2016 10:55:47