5 results (0.004 seconds)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. • https://punbb.informer.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 49 • EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
• http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities http://punbb.informer.com/forums/topic/24430/punbb-136 http://securitytracker.com/id?1026073 http://www.openwall.com/lists/oss-security/2011/09/18/1 http://www.openwall.com/lists/oss-security/2011/09/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 41 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. • http://punbb.informer.com/forums/topic/21669/punbb-134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. • http://punbb.informer.com http://punbb.informer.com/forums/topic/20475/punbb-132 http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values http://secunia.com/advisories/33059 http://www.openwall.com/lists/oss-security/2008/12/09/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/47185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •