Описание
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:punbb:punbb:1.0:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta1a:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_beta3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.10:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00527
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
EPSS
Процентиль: 67%
0.00527
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other