4

CVE-2005-4426

EPSS 0.24%
Published 20.12.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Yabb ≫ Yabb Version1.40

Yabb ≫ Yabb Version1.41

Yabb ≫ Yabb Version1_gold_-_sp_1

Yabb ≫ Yabb Version1_gold_-_sp_1.2

Yabb ≫ Yabb Version1_gold_-_sp_1.3

Yabb ≫ Yabb Version1_gold_-_sp_1.3.1

Yabb ≫ Yabb Version1_gold_-_sp_1.3.2

Yabb ≫ Yabb Version1_gold_-_sp_1.4

Yabb ≫ Yabb Version1_gold_release

Yabb ≫ Yabb Version2.0

Yabb ≫ Yabb Version2.0_rc1

Yabb ≫ Yabb Version2.0_rc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.448

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://secunia.com/advisories/17411

Patch

Vendor Advisory

http://www.securityfocus.com/bid/15368

Patch

http://www.yabbforum.com/downloads.php

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/23020

https://nvd.nist.gov/vuln/detail/CVE-2005-4426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4426

EUVD