CVE-2003-1277

Опубликовано: 31 дек. 2003

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html

Ссылки

http://www.iss.net/security_center/static/10989.php
http://www.iss.net/security_center/static/10990.php
http://www.securiteam.com/unixfocus/5BP051F8VE.html
Exploit
Vendor Advisory
http://www.securiteam.com/unixfocus/5BP061F8US.html
Exploit
Vendor Advisory
http://www.iss.net/security_center/static/10989.php
http://www.iss.net/security_center/static/10990.php
http://www.securiteam.com/unixfocus/5BP051F8VE.html
Exploit
Vendor Advisory
http://www.securiteam.com/unixfocus/5BP061F8US.html
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yabb:yabb:1.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00683

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-28rw-jv54-hwff

github

больше 3 лет назад