CVE-2005-4426

Опубликовано: 20 дек. 2005

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.

Ссылки

http://secunia.com/advisories/17411
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15368
Patch
http://www.yabbforum.com/downloads.php
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/23020
http://secunia.com/advisories/17411
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15368
Patch
http://www.yabbforum.com/downloads.php
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/23020

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yabb:yabb:1.40:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1.41:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.4:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:1_gold_release:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:2.0:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:2.0_rc1:*:*:*:*:*:*:*

cpe:2.3:a:yabb:yabb:2.0_rc2:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00244

Низкий

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8pj3-c92f-vjfj

github

почти 4 года назад