CVE-2015-2217 – Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2015-2217

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Ultimate PHP Board (también se conoce como myUPB) anterior a versión 2.2.8, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro q en el archivo search.php o el (2) parámetro avatar en el archivo profile.php. Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/130684/Ultimate-PHP-Board-UPB-2.2.7-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/534796/100/0/threaded http://www.securityfocus.com/bid/72991 https://github.com/Halamix2/MyUPB/blob/8b00a8f6ea999d22c22b081f4a144f51ec7225b0/changelog.txt https://github.com/PHP-Outburst/myUPB/issues/17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •