CVE-2003-1277

2022-10-0316:15:43

mitre

www.cve.org

cross-site scripting

yabb

remote attackers

execute arbitrary script

steal authentication information

injection

html

script

news_icon

news_template.php

threadid

subject

index.html

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html

References

www.iss.net/security_center/static/10989.php

www.iss.net/security_center/static/10990.php

www.securiteam.com/unixfocus/5BP051F8VE.html

www.securiteam.com/unixfocus/5BP061F8US.html