Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote malicious users to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
punbb punbb 1.0.1 |
||
punbb punbb 1.0_alpha |
||
punbb punbb 1.1 |
||
punbb punbb 1.1.1 |
||
punbb punbb 1.2.10 |
||
punbb punbb 1.2.2 |
||
punbb punbb 1.2.3 |
||
punbb punbb 1.0_beta1 |
||
punbb punbb 1.0_beta1a |
||
punbb punbb 1.1.2 |
||
punbb punbb 1.1.3 |
||
punbb punbb 1.2.4 |
||
punbb punbb 1.2.5 |
||
punbb punbb 1.0_beta2 |
||
punbb punbb 1.0_beta3 |
||
punbb punbb 1.1.4 |
||
punbb punbb 1.1.5 |
||
punbb punbb 1.2.6 |
||
punbb punbb 1.2.7 |
||
punbb punbb 1.0 |
||
punbb punbb 1.0_rc1 |
||
punbb punbb 1.0_rc2 |
||
punbb punbb 1.2 |
||
punbb punbb 1.2.1 |
||
punbb punbb 1.2.8 |
||
punbb punbb 1.2.9 |