PunBB Profile.php XSS Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to multiple cross-site scripting attacks. Description : According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially-crafted URL, an attacker can inject arbitrary HTML and script code into a user's browser, resulting in a loss of integrity, theft of authentication cookies, and the like.

Solution

Update to PunBB version 1.1.4 or later.

References

http://www.punbb.org/changelogs/1.1.3_to_1.1.4.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Directory Traversal Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability

PunBB profile.php XSS

Take action and discover your vulnerabilities