BiTBOARD IMG BBCode Tag XSS

low Nessus Plugin ID 16191

Synopsis

The remote web server contains a PHP script that is prone to a cross-site scripting attack.

Description

The remote host is running BiTBOARD, a web-based bulletin board written in PHP.

The remote version of this software is affected by a cross-site scripting issue that may allow an attacker to steal the HTTP cookies of regular users of the remote site and gain unauthorized access to their accounts.

Solution

Upgrade to BiTBOARD 2.6 or later.

See Also

https://seclists.org/bugtraq/2005/Jan/135

Plugin Details

Severity: Low

ID: 16191

File Name: bitboard_img_bbcode_vuln.nasl

Version: 1.23

Type: remote

Published: 1/18/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/12/2005

Reference Information

CVE: CVE-2005-0374

BID: 12248

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990