Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (1)

medium Nessus Plugin ID 19499

Synopsis

A web application on the remote host has multiple cross-site scripting vulnerabilities.

Description

The remote host is running Ultimate PHP Board (UPB). This version of UPB has multiple cross-site scripting vulnerabilities. A remote attacker could exploit these issues by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary script code.

Solution

There is no known solution at this time.

See Also

http://www.retrogod.altervista.org/upbgold196xssurlspoc.txt

https://www.securityfocus.com/archive/1/402461

http://www.retrogod.altervista.org/upbgold196poc.php.txt

Plugin Details

Severity: Medium

ID: 19499

File Name: upb_xss2.nasl

Version: 1.19

Type: remote

Published: 8/24/2005

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/PHP, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/21/2005

Reference Information

BID: 14348, 14350

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990