CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.acid-root.new.fr/advisories/13070411.txt
http://dev.punbb.org/changeset/934
http://dev.punbb.org/changeset/938
http://secunia.com/advisories/24843	Patch Vendor Advisory
http://securityreason.com/securityalert/2613
http://www.vupen.com/english/advisories/2007/1362
http://www.securityfocus.com/archive/1/465400/100/100/threaded
http://www.securityfocus.com/archive/1/465338/100/100/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*

Information

Published : 2007-04-25 08:19

Updated : 2018-10-16 09:42

NVD link : CVE-2007-2235

Mitre link : CVE-2007-2235

JSON object : View

CWE

NVD-CWE-Other

Products Affected

punbb

punbb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.acid-root.new.fr/advisories/13070411.txt", "name": "http://www.acid-root.new.fr/advisories/13070411.txt", "tags": [], "refsource": "MISC"}, {"url": "http://dev.punbb.org/changeset/934", "name": "http://dev.punbb.org/changeset/934", "tags": [], "refsource": "CONFIRM"}, {"url": "http://dev.punbb.org/changeset/938", "name": "http://dev.punbb.org/changeset/938", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/24843", "name": "24843", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/2613", "name": "2613", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2007/1362", "name": "ADV-2007-1362", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded", "name": "20070411 PunBB <= 1.2.14 Multiple Vulnerabilities (Advisory)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded", "name": "20070411 PunBB <= 1.2.14 Remote Code Execution (Exploit)", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2235", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-04-25T15:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2.14"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:42Z"}

4.3 /10