CVE-2011-3371

EUVD-2011-3335
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
punbbpunbb
𝑥
≤ 1.3.5
punbbpunbb
1.0
punbbpunbb
1.0:alpha
punbbpunbb
1.0:beta1
punbbpunbb
1.0:beta1a
punbbpunbb
1.0:beta2
punbbpunbb
1.0:beta3
punbbpunbb
1.0:rc1
punbbpunbb
1.0:rc2
punbbpunbb
1.0.1
punbbpunbb
1.1
punbbpunbb
1.1.1
punbbpunbb
1.1.2
punbbpunbb
1.1.3
punbbpunbb
1.1.4
punbbpunbb
1.1.5
punbbpunbb
1.2
punbbpunbb
1.2.1
punbbpunbb
1.2.2
punbbpunbb
1.2.3
punbbpunbb
1.2.4
punbbpunbb
1.2.5
punbbpunbb
1.2.6
punbbpunbb
1.2.7
punbbpunbb
1.2.8
punbbpunbb
1.2.9
punbbpunbb
1.2.10
punbbpunbb
1.2.11
punbbpunbb
1.2.12
punbbpunbb
1.2.13
punbbpunbb
1.2.14
punbbpunbb
1.2.15
punbbpunbb
1.2.16
punbbpunbb
1.2.17
punbbpunbb
1.2.18
punbbpunbb
1.2.19
punbbpunbb
1.2.20
punbbpunbb
1.2.21
punbbpunbb
1.2.22
punbbpunbb
1.2.23
punbbpunbb
1.3
punbbpunbb
1.3:beta
punbbpunbb
1.3:rc1
punbbpunbb
1.3:rc2
punbbpunbb
1.3:rc7
punbbpunbb
1.3.1
punbbpunbb
1.3.2
punbbpunbb
1.3.3
punbbpunbb
1.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
http://punbb.informer.com/forums/topic/24430/punbb-136/
http://securitytracker.com/id?1026073
http://www.openwall.com/lists/oss-security/2011/09/18/1
http://www.openwall.com/lists/oss-security/2011/09/22/3
https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
http://punbb.informer.com/forums/topic/24430/punbb-136/
http://securitytracker.com/id?1026073
http://www.openwall.com/lists/oss-security/2011/09/18/1
http://www.openwall.com/lists/oss-security/2011/09/22/3
https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d