NASLDB: BiTBOARD IMG BBCode Tag XSS
General
ID: 16191
Name: BiTBOARD IMG BBCode Tag XSS
Summary: Determines the version of BiTBOARD
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:H/RL:U/RC:ND
Port: 80
Family: CGI abuses : XSS
Type: Remote
Description
The remote host is running BiTBOARD, a web-based bulletin board
written in PHP.
The remote version of this software is affected by a cross-site
scripting issue that may allow an attacker to steal the HTTP cookies
of regular users of the remote site and gain unauthorized access to
their accounts.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2005-0374
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/01/12
Patch Release: –
Plugin Release: 2005/01/18
Plugin
Version: 1.18
Filename: bitboard_img_bbcode_vuln.nasl
Filesize: 2563 bytes
MD5 Hash: f5a380a5a6cfff1f6940ba33c21ec206
Identification: –
Require Keys: –
Dependencies: "http_version.nasl"
Copyright: This script is Copyright © 2005-2012 Tenable Network Security, Inc.