CVE-2011-3371

Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
punbbpunbb
𝑥
≤ 1.3.5
punbbpunbb
1.0
punbbpunbb
1.0:alpha
punbbpunbb
1.0:beta1
punbbpunbb
1.0:beta1a
punbbpunbb
1.0:beta2
punbbpunbb
1.0:beta3
punbbpunbb
1.0:rc1
punbbpunbb
1.0:rc2
punbbpunbb
1.0.1
punbbpunbb
1.1
punbbpunbb
1.1.1
punbbpunbb
1.1.2
punbbpunbb
1.1.3
punbbpunbb
1.1.4
punbbpunbb
1.1.5
punbbpunbb
1.2
punbbpunbb
1.2.1
punbbpunbb
1.2.2
punbbpunbb
1.2.3
punbbpunbb
1.2.4
punbbpunbb
1.2.5
punbbpunbb
1.2.6
punbbpunbb
1.2.7
punbbpunbb
1.2.8
punbbpunbb
1.2.9
punbbpunbb
1.2.10
punbbpunbb
1.2.11
punbbpunbb
1.2.12
punbbpunbb
1.2.13
punbbpunbb
1.2.14
punbbpunbb
1.2.15
punbbpunbb
1.2.16
punbbpunbb
1.2.17
punbbpunbb
1.2.18
punbbpunbb
1.2.19
punbbpunbb
1.2.20
punbbpunbb
1.2.21
punbbpunbb
1.2.22
punbbpunbb
1.2.23
punbbpunbb
1.3
punbbpunbb
1.3:beta
punbbpunbb
1.3:rc1
punbbpunbb
1.3:rc2
punbbpunbb
1.3:rc7
punbbpunbb
1.3.1
punbbpunbb
1.3.2
punbbpunbb
1.3.3
punbbpunbb
1.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
http://punbb.informer.com/forums/topic/24430/punbb-136/
http://securitytracker.com/id?1026073
http://www.openwall.com/lists/oss-security/2011/09/18/1
http://www.openwall.com/lists/oss-security/2011/09/22/3
https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
http://punbb.informer.com/forums/topic/24430/punbb-136/
http://securitytracker.com/id?1026073
http://www.openwall.com/lists/oss-security/2011/09/18/1
http://www.openwall.com/lists/oss-security/2011/09/22/3
https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d