Vulnerability CVE-2005-3418
Published: 2005-11-01   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.

See advisories in our WLB2 database:
Topic
Author
Date
High
phpBB Multiple Vulnerabilities
Stefan Esser
31.10.2005

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Phpbb group -> Phpbb 

 References:
http://www.securityfocus.com/bid/15243
http://www.osvdb.org/20389
http://www.osvdb.org/20388
http://www.osvdb.org/20387
http://www.hardened-php.net/advisory_172005.75.html
http://securitytracker.com/id?1015121
http://marc.theaimsgroup.com/?l=bugtraq&m=113081113317600&w=2
http://www.vupen.com/english/advisories/2005/2250
http://secunia.com/advisories/17366
http://www.debian.org/security/2005/dsa-925
http://securityreason.com/securityalert/130
http://secunia.com/advisories/18098
Copyright 2024, cxsecurity.com

 

Back to Top