3 results (0.019 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en toplist.php de PhpBB Toplist 1.3.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los campos (1) Nombre e (2) Información cuando se añade un nuevo sitio (acción toplistnew). • http://securityreason.com/securityalert/2015 http://www.securityfocus.com/archive/1/453923/100/0/threaded http://www.securityfocus.com/bid/21506 https://exchange.xforce.ibmcloud.com/vulnerabilities/30808 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1722 https://www.exploit-db.com/exploits/1724 http://secunia.com/advisories/19884 http://www.osvdb.org/25260 http://www.vupen.com/english/advisories/2006/1601 https://exchange.xforce.ibmcloud.com/vulnerabilities/26172 •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. • http://www.osvdb.org/25294 http://www.securityfocus.com/archive/1/432453/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26172 •