Summary
The remote web server contains a CGI application that suffers from multiple vulnerabilities.
Description :
The 'YaBB.pl' CGI is installed. This version is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.
Another flaw in YaBB may allow an attacker to execute malicious administrative commands on the remote host by sending malformed IMG tags in posts to the remote YaBB forum and waiting for the forum administrator to view one of the posts.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2402, CVE-2004-2403 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- AdaptBB Multiple Input Validation Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Alchemy Eye HTTP Command Execution
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability