Summary
The remote web server contains a PHP script that is prone to multiple cross-site scripting attacks.
Description :
According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially-crafted URL, an attacker can inject arbitrary HTML and script code into a user's browser, resulting in a loss of integrity, theft of authentication cookies, and the like.
Solution
Update to PunBB version 1.1.4 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Ampache Reflected Cross Site Scripting Vulnerability