| Vulnerability Name: | CVE-2004-0339 (CCN-15348) | ||||||||
| Assigned: | 2004-02-29 | ||||||||
| Published: | 2004-02-29 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. This vulnerability is addressed in the following product release: phpBB Group, phpBB, 2.0.7 | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Feb 28 2004 - 09:09:02 CST New phpBB ViewTopic.php Cross Site Scripting Vulnerability Source: MITRE Type: CNA CVE-2004-0339 Source: BUGTRAQ Type: UNKNOWN 20040228 New phpBB ViewTopic.php Cross Site Scripting Vulnerability Source: CCN Type: OSVDB ID: 4256 phpBB viewtopic.php postorder Parameter XSS Source: CCN Type: phpBB Web site phpBB.com :: Download phpBB Source: BID Type: Patch 9765 Source: CCN Type: BID-9765 PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN phpbb-viewtopicphp-xss(15348) Source: XF Type: UNKNOWN phpbb-viewtopicphp-xss(15348) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||