4 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. Se detectó un problema en PunBB versiones anteriores a 1.4.6. Una vulnerabilidad de tipo XSS en la etiqueta [email] BBcode permite (con autenticación) inyectar JavaScript arbitrario en cualquier mensaje del foro • https://punbb.informer.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. Varias vulnerabilidades de cross-site scripting (XSS) en include / functions.php en PunBB antes de v1.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, o (10) enviar parámetro a edit.php, la (11) acción, (12) form_sent, (13) csrf_token, (14) req_email, o (15) parámetro request_pass a login.php, el (16) correo electrónico, (17) form_sent, (18) REDIRECT_URL, (19) csrf_token, (20) req_subject, (21) req_message, o (22) enviar parámetro a misc.php, la acción (23), (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1 , (29) de actualización req_new_password2, o (30) parámetro para profile.php, o la acción (31), (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) zona horaria, o (39) registro de parámetros para register.php. • http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities http://punbb.informer.com/forums/topic/24430/punbb-136 http://securitytracker.com/id?1026073 http://www.openwall.com/lists/oss-security/2011/09/18/1 http://www.openwall.com/lists/oss-security/2011/09/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. Múltiples secuencias de comandos en sitios cruzados (XSS) en profile.php en PunBB antes de v1.3.4 permite a atacantes remotos inyectar HTML o scripts web a través de (1) la contraseña o (2) el e-mail. • http://punbb.informer.com/forums/topic/21669/punbb-134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. uploadimg.php del módulo Automatic Image Upload with Thumbnails (imgUpload) 1.3.2 para PunBB sólo verifica el campo Content-type de los archivos enviados, lo cual permite a atacantes remotos enviar y ejecutar contenido de su elección mediante un archivo con un tipo MIME (1) JPG, (2) GIF, O (3) PNG. • http://osvdb.org/42809 http://secunia.com/advisories/28138 http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/39150 • CWE-20: Improper Input Validation •