CVE-2004-0339

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/9765	Patch
http://marc.info/?l=bugtraq&m=107799508130700&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15348

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpbb_group:phpbb:2.0.3:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.4:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.6c:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.2:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.5:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.6:::::::*

Information

Published : 2004-11-22 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0339

Mitre link : CVE-2004-0339

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

phpbb_group

phpbb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/9765", "name": "9765", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=107799508130700&w=2", "name": "20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15348", "name": "phpbb-viewtopicphp-xss(15348)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0339", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-11-23T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}