ID CVE-2004-0730 Type cve Reporter NVD Modified 2017-07-10T21:30:25
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
{"id": "CVE-2004-0730", "bulletinFamily": "NVD", "title": "CVE-2004-0730", "description": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.", "published": "2004-07-27T00:00:00", "modified": "2017-07-10T21:30:25", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0730", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/16724", "http://www.securityfocus.com/bid/10738", "http://marc.info/?l=bugtraq&m=108999024506020&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16726", "http://www.waraxe.us/index.php?modname=sa&id=34", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16725"], "cvelist": ["CVE-2004-0730"], "type": "cve", "lastseen": "2017-07-11T11:14:28", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:phpbb_group:phpbb:2.0.8a", "cpe:/a:phpbb_group:phpbb:2.0.8"], "cvelist": ["CVE-2004-0730"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.", "edition": 2, "enchantments": {}, "hash": "76f74ed07f1274d5ffcd591ed2fc0d79649ef777ccde686407583857aa84c5f1", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "23a6bf88e2315b8d3663a494c1f17c59", "key": "description"}, {"hash": "1be4cef55d32b321ce8c299dedafcf3c", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "574611d19cc731b143876895bfb1c7d3", "key": "cvelist"}, {"hash": "c7aafed8628da46bfcac5ad3e38c552b", "key": "title"}, {"hash": "f55333510a291fc6de75ce56717f0ec6", "key": "modified"}, {"hash": "e8e06e2db26aa45b138de784f455c7f3", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "a10f3864909093d34b36b86689fc0e43", "key": "href"}, {"hash": "40d36bfa15ecc773c9f99cb936b8cdeb", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0730", "id": "CVE-2004-0730", "lastseen": "2017-04-18T15:50:21", "modified": "2016-10-17T22:48:20", "objectVersion": "1.2", "published": "2004-07-27T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/16724", "http://www.securityfocus.com/bid/10738", "http://marc.info/?l=bugtraq&m=108999024506020&w=2", "http://xforce.iss.net/xforce/xfdb/16726", "http://www.waraxe.us/index.php?modname=sa&id=34", "http://xforce.iss.net/xforce/xfdb/16725"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0730", "type": "cve", "viewCount": 3}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:21"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:phpbb_group:phpbb:2.0.8a", "cpe:/a:phpbb_group:phpbb:2.0.8"], "cvelist": ["CVE-2004-0730"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.", "edition": 1, "hash": "2a2376981c4112ab67774da6f48a9521cc09bc1e47b5652763d276f15d415526", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "39c56af21fd23fb3c59e6de1922647b7", "key": "references"}, {"hash": "23a6bf88e2315b8d3663a494c1f17c59", "key": "description"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "574611d19cc731b143876895bfb1c7d3", "key": "cvelist"}, {"hash": "7266214533d0181b3580342b1e578eac", "key": "modified"}, {"hash": "c7aafed8628da46bfcac5ad3e38c552b", "key": "title"}, {"hash": "e8e06e2db26aa45b138de784f455c7f3", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "a10f3864909093d34b36b86689fc0e43", "key": "href"}, {"hash": "40d36bfa15ecc773c9f99cb936b8cdeb", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0730", "id": "CVE-2004-0730", "lastseen": "2016-09-03T04:27:07", "modified": "2008-09-05T16:39:14", "objectVersion": "1.2", "published": "2004-07-27T00:00:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=108999024506020&w=2", "http://xforce.iss.net/xforce/xfdb/16724", "http://www.securityfocus.com/bid/10738", "http://xforce.iss.net/xforce/xfdb/16726", "http://www.waraxe.us/index.php?modname=sa&id=34", "http://xforce.iss.net/xforce/xfdb/16725"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0730", "type": "cve", "viewCount": 3}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:27:07"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e8e06e2db26aa45b138de784f455c7f3"}, {"key": "cvelist", "hash": "574611d19cc731b143876895bfb1c7d3"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "23a6bf88e2315b8d3663a494c1f17c59"}, {"key": "href", "hash": "a10f3864909093d34b36b86689fc0e43"}, {"key": "modified", "hash": "376d3c2b4c1ea620b15a8381fcbbb55f"}, {"key": "published", "hash": "40d36bfa15ecc773c9f99cb936b8cdeb"}, {"key": "references", "hash": "b2fab62a87a018b84697193b809c2076"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "c7aafed8628da46bfcac5ad3e38c552b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ff5bedff76a37b9adf5bfaaba2b13fd21a32b5787975da04826686e3569e0dcd", "viewCount": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2017-07-11T11:14:28"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:phpbb_group:phpbb:2.0.8a", "cpe:/a:phpbb_group:phpbb:2.0.8"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:02", "references": [], "edition": 1, "description": "## Vulnerability Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"faq\" variable upon submission to the lang_bbcode.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Technical Description\n\"register_globals\" must be enabled on the server for this to be exploited.\n## Solution Description\nUpgrade to version 2.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"faq\" variable upon submission to the lang_bbcode.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/phpbb208/faq.php?mode=bbcode&\nfaq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe\n## References:\nVendor URL: http://www.phpbb.com/\n[Vendor Specific Advisory URL](http://www.phpbb.com/support/documents.php?mode=changelog)\n[Secunia Advisory ID:12055](https://secuniaresearch.flexerasoftware.com/advisories/12055/)\n[Related OSVDB ID: 7810](https://vulners.com/osvdb/OSVDB:7810)\n[Related OSVDB ID: 7947](https://vulners.com/osvdb/OSVDB:7947)\n[Related OSVDB ID: 7811](https://vulners.com/osvdb/OSVDB:7811)\n[Related OSVDB ID: 7809](https://vulners.com/osvdb/OSVDB:7809)\n[Related OSVDB ID: 7812](https://vulners.com/osvdb/OSVDB:7812)\n[Related OSVDB ID: 7813](https://vulners.com/osvdb/OSVDB:7813)\n[Related OSVDB ID: 7815](https://vulners.com/osvdb/OSVDB:7815)\n[Related OSVDB ID: 7808](https://vulners.com/osvdb/OSVDB:7808)\n[Related OSVDB ID: 7814](https://vulners.com/osvdb/OSVDB:7814)\nOther Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=34\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0170.html\n[CVE-2004-0730](https://vulners.com/cve/CVE-2004-0730)\n", "reporter": "Janek Vind \"waraxe\"(come2waraxe@yahoo.com)", "published": "2004-07-13T09:15:10", "type": "osvdb", "title": "phpBB lang_bbcode.php faq Variable XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "phpBB", "version": "2.0.7", "operator": "eq"}, {"name": "phpBB", "version": "2.0.2", "operator": "eq"}, {"name": "phpBB", "version": "2.0.5", "operator": "eq"}, {"name": "phpBB", "version": "2.0.8", "operator": "eq"}, {"name": "phpBB", "version": "2.0.3", "operator": "eq"}, {"name": "phpBB", "version": "2.0.4", "operator": "eq"}, {"name": "phpBB", "version": "2.0.0", "operator": "eq"}, {"name": "phpBB", "version": "2.0.1", "operator": "eq"}, {"name": "phpBB", "version": "2.0.6", "operator": "eq"}], "cvelist": ["CVE-2004-0730"], "modified": "2004-07-13T09:15:10", "href": "https://vulners.com/osvdb/OSVDB:7948", "id": "OSVDB:7948", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:02", "references": [], "edition": 1, "description": "## Vulnerability Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"faq\" variable upon submission to the lang_faq.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Technical Description\n\"register_globals\" must be enabled on the server for this to be exploited.\n## Solution Description\nUpgrade to version 2.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nphpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \"faq\" variable upon submission to the lang_faq.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/phpbb208/faq.php?\nfaq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe\n## References:\nVendor URL: http://www.phpbb.com/\n[Vendor Specific Advisory URL](http://www.phpbb.com/support/documents.php?mode=changelog)\n[Secunia Advisory ID:12055](https://secuniaresearch.flexerasoftware.com/advisories/12055/)\n[Related OSVDB ID: 7810](https://vulners.com/osvdb/OSVDB:7810)\n[Related OSVDB ID: 7948](https://vulners.com/osvdb/OSVDB:7948)\n[Related OSVDB ID: 7811](https://vulners.com/osvdb/OSVDB:7811)\n[Related OSVDB ID: 7809](https://vulners.com/osvdb/OSVDB:7809)\n[Related OSVDB ID: 7812](https://vulners.com/osvdb/OSVDB:7812)\n[Related OSVDB ID: 7813](https://vulners.com/osvdb/OSVDB:7813)\n[Related OSVDB ID: 7815](https://vulners.com/osvdb/OSVDB:7815)\n[Related OSVDB ID: 7808](https://vulners.com/osvdb/OSVDB:7808)\n[Related OSVDB ID: 7814](https://vulners.com/osvdb/OSVDB:7814)\nOther Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=34\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0170.html\n[CVE-2004-0730](https://vulners.com/cve/CVE-2004-0730)\n", "reporter": "Janek Vind \"waraxe\"(come2waraxe@yahoo.com)", "published": "2004-07-13T09:15:10", "type": "osvdb", "title": "phpBB lang_faq.php faq Variable XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "phpBB", "version": "2.0.7", "operator": "eq"}, {"name": "phpBB", "version": "2.0.2", "operator": "eq"}, {"name": "phpBB", "version": "2.0.5", "operator": "eq"}, {"name": "phpBB", "version": "2.0.8", "operator": "eq"}, {"name": "phpBB", "version": "2.0.3", "operator": "eq"}, {"name": "phpBB", "version": "2.0.4", "operator": "eq"}, {"name": "phpBB", "version": "2.0.0", "operator": "eq"}, {"name": "phpBB", "version": "2.0.1", "operator": "eq"}, {"name": "phpBB", "version": "2.0.6", "operator": "eq"}], "cvelist": ["CVE-2004-0730"], "modified": "2004-07-13T09:15:10", "href": "https://vulners.com/osvdb/OSVDB:7947", "id": "OSVDB:7947", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:50:49", "references": [], "pluginID": "13840", "description": "The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'search_author' parameter.\n\nThis version is also vulnerable to an HTTP response splitting attack that permits the injection of CRLF characters in the HTTP headers.", "edition": 5, "reporter": "Tenable", "published": "2004-07-26T00:00:00", "title": "phpBB < 2.0.10 Multiple XSS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CGI abuses : XSS", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2055", "CVE-2004-0730", "CVE-2004-2054"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:phpbb_group:phpbb"], "id": "PHPBB_SEARCH_AUTHOR_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13840);\n script_version(\"1.29\");\n\n script_cve_id(\"CVE-2004-0730\", \"CVE-2004-2054\", \"CVE-2004-2055\");\n script_bugtraq_id(\n 10738, \n 10753, \n 10754, \n 10883\n );\n\n script_name(english:\"phpBB < 2.0.10 Multiple XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"A remote web application is vulnerable to cross-site scripting.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross-site scripting attack. \nThis flaw exists because the application does not validate user-supplied \ninput in the 'search_author' parameter.\n\nThis version is also vulnerable to an HTTP response splitting attack\nthat permits the injection of CRLF characters in the HTTP headers.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 2.0.10 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/07/13\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:phpbb_group:phpbb\");\nscript_end_attributes();\n\n \n script_summary(english:\"Check for phpBB version\");\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n \n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"phpbb_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/phpBB\");\n exit(0);\n}\n\n# Check starts here\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nkb = get_kb_item(\"www/\" + port + \"/phpBB\");\nif ( ! kb ) exit(0);\nmatches = eregmatch(pattern:\"(.*) under (.*)\", string:kb);\nversion = matches[1];\nif ( ereg(pattern:\"^([01]\\.|2\\.0\\.[0-9]([^0-9]|$))\", string:version) )\n{\n\tsecurity_warning ( port );\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
