CVE-2015-1475

Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/
http://seclists.org/fulldisclosure/2015/Feb/15
http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/100616

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mylittleforum:my_little_forum:1.7:::::::*
	cpe:2.3:a:mylittleforum:my_little_forum:2.3.3:::::::*
	cpe:2.3:a:mylittleforum:my_little_forum:2.2:::::::*

Information

Published : 2015-02-04 08:59

Updated : 2017-09-07 18:29

NVD link : CVE-2015-1475

Mitre link : CVE-2015-1475

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

mylittleforum

my_little_forum

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/", "name": "http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/", "tags": [], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2015/Feb/15", "name": "20150203 My Little Forum Multiple XSS Security Vulnerabilities", "tags": [], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html", "name": "http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100616", "name": "mylittleforum-multiple-xss(100616)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-1475", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2015-02-04T16:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mylittleforum:my_little_forum:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mylittleforum:my_little_forum:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mylittleforum:my_little_forum:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-08T01:29Z"}