7.5

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.0
Phpbb GroupPhpbb Version2.0.1
Phpbb GroupPhpbb Version2.0.2
Phpbb GroupPhpbb Version2.0.3
Phpbb GroupPhpbb Version2.0.4
Phpbb GroupPhpbb Version2.0.5
Phpbb GroupPhpbb Version2.0.6
Phpbb GroupPhpbb Version2.0.6c
Phpbb GroupPhpbb Version2.0.6d
Phpbb GroupPhpbb Version2.0.7
Phpbb GroupPhpbb Version2.0.7a
Phpbb GroupPhpbb Version2.0.8
Phpbb GroupPhpbb Version2.0.8a
Phpbb GroupPhpbb Version2.0.9
Phpbb GroupPhpbb Version2.0.10
Phpbb GroupPhpbb Version2.0.11
Phpbb GroupPhpbb Version2.0.12
Phpbb GroupPhpbb Version2.0.13
Phpbb GroupPhpbb Version2.0.14
Phpbb GroupPhpbb Version2.0_beta1
Phpbb GroupPhpbb Version2.0_rc1
Phpbb GroupPhpbb Version2.0_rc2
Phpbb GroupPhpbb Version2.0_rc3
Phpbb GroupPhpbb Version2.0_rc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.36% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://castlecops.com/t123194-.html
http://marc.info/?l=full-disclosure&m=111552510000088&w=2
http://seclists.org/lists/bugtraq/2005/May/0098.html
http://secunia.com/advisories/15298
Patch
http://securitytracker.com/id?1013918
Patch
http://securitytracker.com/id?1014117
http://www.kb.cert.org/vuls/id/113196
US Government Resource
http://www.osvdb.org/16439
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194
Patch
http://www.securityfocus.com/bid/13545
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/20574