Summary
The remote web server contains a CGI application that suffers from multiple vulnerabilities.
Description :
The 'YaBB.pl' CGI is installed. This version is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.
Another flaw in YaBB may allow an attacker to execute malicious administrative commands on the remote host by sending malformed IMG tags in posts to the remote YaBB forum and waiting for the forum administrator to view one of the posts.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2402, CVE-2004-2403 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Adobe ColdFusion Authentication Bypass Vulnerability
- Acidcat CMS Multiple Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability