PunBB profile.php Multiple Parameter XSS

medium Nessus Plugin ID 17363

Synopsis

The remote web server contains a PHP application that is affected by several cross-site scripting vulnerabilities.

Description

According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input passed to the script 'profile.php' through the 'email' and 'Jabber' parameters. An attacker could exploit this flaw to embed malicious script or HTML code in their own profile. Whenever another user then browses that profile, the code is executed in that user's browser in the context of the website, enabling the attacker to conduct cross-site scripting attacks.

Solution

Upgrade to PunBB version 1.2.4 or later.

See Also

http://securitytracker.com/alerts/2005/Mar/1013446.html

Plugin Details

Severity: Medium

ID: 17363

File Name: punBB_profile_code_injection.nasl

Version: 1.14

Type: remote

Published: 3/18/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/punBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/8/2005

Reference Information

CVE: CVE-2005-0818

BID: 12828

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990