CVE-2005-3260 - Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow

CVE-2005-3260

Summary

Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.

References

http://marc.info/?l=bugtraq&m=112907535528616&w=2
http://rgod.altervista.org/versatile100RC2.html
http://secunia.com/advisories/17174/
http://www.osvdb.org/19969
http://www.osvdb.org/19970
http://www.osvdb.org/19971
http://www.securityfocus.com/bid/15073

Vulnerable Configurations

cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:1.0.0.rc2:*:*:*:*:*:*:*
cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:1.0.0.rc2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15073
bugtraq	20051010 versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)
misc	http://rgod.altervista.org/versatile100RC2.html
osvdb	19969 19970 19971
secunia	17174

Last major update

18-10-2016 - 03:34

Published

20-10-2005 - 10:02

Last modified

18-10-2016 - 03:34