CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2005-4426
https://notcve.org/view.php?id=CVE-2005-4426
Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. • http://secunia.com/advisories/17411 http://www.securityfocus.com/bid/15368 http://www.yabbforum.com/downloads.php https://exchange.xforce.ibmcloud.com/vulnerabilities/23020 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2296
https://notcve.org/view.php?id=CVE-2005-2296
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. YabbSE 1.5.5c permite que atacantes remotos obtengan información confidencial mediante una petición directa a "ssi_examples.php" (ya que revela el path). • http://marc.info/?l=bugtraq&m=112137300014760&w=2 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0785
https://notcve.org/view.php?id=CVE-2005-0785
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. • http://marc.info/?l=bugtraq&m=111083400601759&w=2 http://securitytracker.com/id?1013420 http://www.securityfocus.com/bid/12756 https://exchange.xforce.ibmcloud.com/vulnerabilities/19671 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2005-0741 – YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0741
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. • https://www.exploit-db.com/exploits/25199 http://securitytracker.com/id?1013420 http://www.securityfocus.com/bid/12756 •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 3CVE-2004-2403
https://notcve.org/view.php?id=CVE-2004-2403
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html http://secunia.com/advisories/12593 http://www.osvdb.org/10243 http://www.securityfocus.com/bid/11214 https://exchange.xforce.ibmcloud.com/vulnerabilities/17453 •