PunBB Install.php XSS Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by several cross-site scripting vulnerabilities. Description : The remote version of PunBB is vulnerable to cross-site scripting flaws through 'install.php' script. With a specially-crafted URL, an attacker can inject arbitrary HTML and script code into a user's browser resulting in the possible theft of authentication cookies, mis-representation of site contents, and the like.

Solution

Update to PunBB version 1.1.2 or later.

References

http://www.punbb.org/changelogs/1.1.1_to_1.1.2.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache Struts Cross Site Scripting Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

PunBB install.php XSS

Take action and discover your vulnerabilities