ID CVE-2004-2055 Type cve Reporter NVD Modified 2017-07-10T21:31:35
Description
Cross-site scripting (XSS) vulnerability in search.php for phpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.
{"openvas": [{"lastseen": "2017-12-08T11:44:08", "bulletinFamily": "scanner", "description": "The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross site scripting attack. \nThis flaw exists because the application does not validate user-supplied \ninput in the 'search_author' parameter.\n\nThis version is also vulnerable to a HTTP response splitting vulnerability\nwhich permits the injection of CRLF characters in the HTTP headers.", "modified": "2017-12-07T00:00:00", "published": "2005-11-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=13840", "id": "OPENVAS:13840", "title": "phpBB < 2.0.10", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: phpbb_search_author_xss.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: phpBB < 2.0.10\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross site scripting attack. 
\nThis flaw exists because the application does not validate user-supplied \ninput in the 'search_author' parameter.\n\nThis version is also vulnerable to a HTTP response splitting vulnerability\nwhich permits the injection of CRLF characters in the HTTP headers.\";\n\ntag_solution = \"Upgrade to 2.0.10 or later.\";\n\nif(description)\n{\n script_id(13840);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-2054\", \"CVE-2004-2055\");\n script_bugtraq_id(10738, 10753, 10754, 10883);\n script_xref(name:\"OSVDB\", value:\"8164\");\n\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n name = \"phpBB < 2.0.10\";\n script_name(name);\n \n\n\n \n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n \n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n \n family = \"Web application abuses\";\n script_family(family);\n script_dependencies(\"phpbb_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n# Check starts here\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nkb = get_kb_item(\"www/\" + port + \"/phpBB\");\nif ( ! 
kb ) exit(0);\nmatches = eregmatch(pattern:\"(.*) under (.*)\", string:kb);\nversion = matches[1];\nif ( ereg(pattern:\"^([01]\\.|2\\.0\\.[0-9]([^0-9]|$))\", string:version) )\n\tsecurity_message ( port );\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:36:00", "bulletinFamily": "scanner", "description": "The remote host is running a version of phpBB older than 2.0.10.\n\n phpBB contains a flaw that allows a remote cross site scripting attack.\n This flaw exists because the application does not validate user-supplied\n input in the ", "modified": "2018-04-05T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231013840", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231013840", "title": "phpBB < 2.0.10 Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: phpbb_search_author_xss.nasl 9332 2018-04-05 12:51:29Z cfischer $\n#\n# phpBB < 2.0.10 Multiple Vulnerabilities\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpbb:phpbb\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.13840\");\n script_version(\"$Revision: 9332 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-05 14:51:29 +0200 (Thu, 05 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-2054\", \"CVE-2004-2055\");\n script_bugtraq_id(10738, 10753, 10754, 10883);\n script_xref(name:\"OSVDB\", value:\"8164\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"phpBB < 2.0.10 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phpbb_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpBB/installed\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 2.0.10 or later.\");\n\n script_tag(name:\"summary\", value:\"The remote host is running a version of phpBB older than 2.0.10.\n\n phpBB contains a flaw that allows a remote cross site scripting attack.\n This flaw exists because the application does not validate user-supplied\n input in the 'search_author' parameter.\n\n This version is also vulnerable to a HTTP response splitting vulnerability\n which permits the injection of CRLF characters in the HTTP headers.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( ereg( pattern:\"^([01]\\.|2\\.0\\.[0-9]([^0-9]|$))\", string:vers ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.10\" );\n security_message( port:port, data:report );\n exit( 0 );\n} \n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:05:30", "bulletinFamily": "scanner", "description": "The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross-site scripting attack. \nThis flaw exists because the application does not validate user-supplied \ninput in the 'search_author' parameter.\n\nThis version is also vulnerable to an HTTP response splitting attack\nthat permits the injection of CRLF characters in the HTTP headers.", "modified": "2018-07-24T00:00:00", "published": "2004-07-26T00:00:00", "id": "PHPBB_SEARCH_AUTHOR_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13840", "title": "phpBB < 2.0.10 Multiple XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13840);\n script_version(\"1.29\");\n\n script_cve_id(\"CVE-2004-0730\", \"CVE-2004-2054\", \"CVE-2004-2055\");\n script_bugtraq_id(\n 10738, \n 10753, \n 10754, \n 10883\n );\n\n script_name(english:\"phpBB < 2.0.10 Multiple XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"A remote web application is vulnerable to cross-site scripting.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of phpBB older than 2.0.10.\n\nphpBB contains a flaw that allows a remote cross-site scripting attack. 
\nThis flaw exists because the application does not validate user-supplied \ninput in the 'search_author' parameter.\n\nThis version is also vulnerable to an HTTP response splitting attack\nthat permits the injection of CRLF characters in the HTTP headers.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to 2.0.10 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/07/13\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:phpbb_group:phpbb\");\nscript_end_attributes();\n\n \n script_summary(english:\"Check for phpBB version\");\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n \n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"phpbb_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/phpBB\");\n exit(0);\n}\n\n# Check starts here\n\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nkb = get_kb_item(\"www/\" + port + \"/phpBB\");\nif ( ! 
kb ) exit(0);\nmatches = eregmatch(pattern:\"(.*) under (.*)\", string:kb);\nversion = matches[1];\nif ( ereg(pattern:\"^([01]\\.|2\\.0\\.[0-9]([^0-9]|$))\", string:version) )\n{\n\tsecurity_warning ( port );\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}