| |
Vulnerability CVE-2009-4408
Published: 2009-12-23 Modified: 2012-02-13
Description: |
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Nam Nguyen | 26.12.2009 |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54855
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|