Vulnerability Name: CVE-2004-0730 (CCN-16725)
Assigned: 2004-07-16
Published: 2004-07-16
Updated: 2017-07-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
CVSS v3 Severity:
  3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
  2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Fri Jul 16 2004 - 09:22:42 CDT [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
  Source: MITRE Type: CNA CVE-2004-0730
  Source: BUGTRAQ Type: UNKNOWN 20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
  Source: CCN Type: The phpBB Group Web site phpBB
  Source: CCN Type: phpBB Downloads Web page phpBB.com :: Download phpBB
  Source: BID Type: UNKNOWN 10738
  Source: CCN Type: BID-10738 PHPBB Multiple Cross-Site Scripting Vulnerabilities
  Source: MISC Type: UNKNOWN http://www.waraxe.us/index.php?modname=sa&id=34
  Source: XF Type: UNKNOWN phpbb-indexphp-xss(16724)
  Source: XF Type: UNKNOWN phpbb-lang-faq-xss(16725)
  Source: XF Type: UNKNOWN phpbb-lang-bbcode-xss(16726)
Vulnerable Configuration: Configuration 1:

Vulnerability Name: CVE-2004-0730 (CCN-16726)
Assigned: 2004-07-16
Published: 2004-07-16
Updated: 2004-07-16
Summary: phpBB is vulnerable to cross-site scripting. A remote attacker could embed malicious code in the lang_bbcode.php script in a specially-crafted URL request, which would be executed in the victim's Web browser within the security context of the hosting site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Note: The register_globals option must be enabled on the server for an attacker to exploit this vulnerability.
CVSS v3 Severity:
  3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
  2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Fri Jul 16 2004 - 09:22:42 CDT [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
  Source: MITRE Type: CNA CVE-2004-0730
  Source: CCN Type: The phpBB Group Web site phpBB
  Source: CCN Type: phpBB Downloads Web page phpBB.com :: Download phpBB
  Source: CCN Type: BID-10738 PHPBB Multiple Cross-Site Scripting Vulnerabilities
  Source: XF Type: UNKNOWN phpbb-lang-bbcode-xss(16726)
Vulnerable Configuration: Configuration CCN 1: