Published: 25/07/2007 Updated: 15/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.

Vulnerable Product	Search on Vulmon	Subscribe to Product
usebb usebb 1.0.1
usebb usebb 1.0.2
usebb usebb 1.0_rc2
usebb usebb 1.0_rc3
usebb usebb 1.0.3
usebb usebb 1.0.4
usebb usebb 1.0
usebb usebb 1.0.7
usebb usebb 1.0_rc1
usebb usebb 1.0.5
usebb usebb 1.0.6

source: wwwsecurityfocuscom/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may help ...

source: wwwsecurityfocuscom/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may he ...

NVD-CWE-Other http://www.securityfocus.com/bid/24990 http://securityreason.com/securityalert/2915 http://www.securityfocus.com/archive/1/474256/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30323/

CVE-2007-3963

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect