PunBB IMG Tag Client Side Scripting XSS Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by a cross-site scripting vulnerability. Description : The remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate IMG tag. With a specially crafted URL, an attacker can cause arbitrary code execution within a user's browser, resulting in a loss of integrity.

Solution

Update to PunBB version 1.0.1 or later.

References

http://www.punbb.org/changelogs/1.0_to_1.0.1.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities

Take action and discover your vulnerabilities