CVE Vulnerability

CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.acid-root.new.fr/advisories/13070411.txt
http://dev.punbb.org/changeset/934
http://dev.punbb.org/changeset/938
http://secunia.com/advisories/24843 Patch Vendor Advisory
http://securityreason.com/securityalert/2613
http://www.vupen.com/english/advisories/2007/1362
http://www.securityfocus.com/archive/1/465400/100/100/threaded
http://www.securityfocus.com/archive/1/465338/100/100/threaded
Configurations

Configuration 1

cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
Information

Published : 2007-04-25 03:19

Updated : 2018-10-16 04:42

NVD link : CVE-2007-2235

Mitre link : CVE-2007-2235

Products Affected
No products.
CWE
NVD-CWE-Other