| Vulnerability Name: | CVE-2005-3418 (CCN-23969) | ||||||||
| Assigned: | 2005-10-31 | ||||||||
| Published: | 2005-10-31 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Sun Oct 30 2005 - 18:16:37 CST Advisory 17/2005: phpBB Multiple Vulnerabilities Source: MITRE Type: CNA CVE-2005-3418 Source: BUGTRAQ Type: UNKNOWN 20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities Source: CCN Type: SA17366 phpBB Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17366 Source: SECUNIA Type: UNKNOWN 18098 Source: SREASON Type: UNKNOWN 130 Source: CCN Type: SECTRACK ID: 1015121 phpBB Lets Remote Users Bypass the Global `Deregistration` Code, Inject SQL Commands, Execute PHP Code, and Conduct Cross-Site Scripting Attacks Source: SECTRACK Type: Patch, Vendor Advisory 1015121 Source: DEBIAN Type: UNKNOWN DSA-925 Source: DEBIAN Type: DSA-925 phpbb2 -- several vulnerabilities Source: MISC Type: Patch, Vendor Advisory http://www.hardened-php.net/advisory_172005.75.html Source: OSVDB Type: Patch 20387 Source: OSVDB Type: Patch 20388 Source: OSVDB Type: Patch 20389 Source: CCN Type: OSVDB ID: 20387 phpBB usercp_register.php error_msg Parameter XSS Source: CCN Type: OSVDB ID: 20388 phpBB login.php forward_page Parameter XSS Source: CCN Type: OSVDB ID: 20389 phpBB search.php list_cat Parameter XSS Source: CCN Type: phpBB Web site phpBB:: Creating Communities Source: BID Type: Patch 15243 Source: CCN Type: BID-15243 PHPBB Global Variable Deregistration Bypass Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2005-2250 Source: XF Type: UNKNOWN phpbb-multiple-xss(23969) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||