Secunia
Login
|
|
|
|
|
|
|
|
|
PunBB Two Vulnerabilities
Release Date: 2005-09-22 Last Update: 2005-10-04 Views: 11,551
Secunia Advisory SA16908
Where:
From remote
Impact:
Unknown, Cross Site Scripting,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
Two vulnerabilities have been reported in PunBB, where one has an unknown impact and the other can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "forgotten e-mail" feature isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) A potential code inclusion vulnerability in the user language selection has an unknown impact.
The vulnerabilities have been reported in version 1.2.7. Prior versions may also be affected.
Solution:
Update to version 1.2.8.
Further details available to Secunia VIM customers
Provided and/or discovered by:
The vendor credits Stefan Esser and Smartys.
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: PunBB Two Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
