Lucene search

[email protected]CVE-2005-1193

HistoryMay 16, 2005 - 4:00 a.m.

CVE-2005-1193

2005-05-1604:00:00

[email protected]

web.nvd.nist.gov

cve

2005

1193

security

phpbb

remote attackers

arbitrary script

bbcode

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.

Affected configurations

NVD

Node

phpbb_groupphpbbMatch2.0.0

phpbb_groupphpbbMatch2.0.1

phpbb_groupphpbbMatch2.0.2

phpbb_groupphpbbMatch2.0.3

phpbb_groupphpbbMatch2.0.4

phpbb_groupphpbbMatch2.0.5

phpbb_groupphpbbMatch2.0.6

phpbb_groupphpbbMatch2.0.6c

phpbb_groupphpbbMatch2.0.6d

phpbb_groupphpbbMatch2.0.7

phpbb_groupphpbbMatch2.0.7a

phpbb_groupphpbbMatch2.0.8

phpbb_groupphpbbMatch2.0.8a

phpbb_groupphpbbMatch2.0.9

phpbb_groupphpbbMatch2.0.10

phpbb_groupphpbbMatch2.0.11

phpbb_groupphpbbMatch2.0.12

phpbb_groupphpbbMatch2.0.13

phpbb_groupphpbbMatch2.0.14

phpbb_groupphpbbMatch2.0_beta1

phpbb_groupphpbbMatch2.0_rc1

phpbb_groupphpbbMatch2.0_rc2

phpbb_groupphpbbMatch2.0_rc3

phpbb_groupphpbbMatch2.0_rc4

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq2.0.0
phpbb_group:phpbbphpbb group phpbbeq2.0.1
phpbb_group:phpbbphpbb group phpbbeq2.0.2
phpbb_group:phpbbphpbb group phpbbeq2.0.3
phpbb_group:phpbbphpbb group phpbbeq2.0.4
phpbb_group:phpbbphpbb group phpbbeq2.0.5
phpbb_group:phpbbphpbb group phpbbeq2.0.6
phpbb_group:phpbbphpbb group phpbbeq2.0.6c
phpbb_group:phpbbphpbb group phpbbeq2.0.6d
phpbb_group:phpbbphpbb group phpbbeq2.0.7

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.0
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.1
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.2
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.3
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.4
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.5
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.6
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.6c
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.6d
phpbb_group:phpbb	phpbb group phpbb	eq	2.0.7

Rows per page:

1-10 of 241

References

castlecops.com/t123194-.html

marc.info/?l=full-disclosure&m=111552510000088&w=2

seclists.org/lists/bugtraq/2005/May/0098.html

secunia.com/advisories/15298

securitytracker.com/id?1013918

securitytracker.com/id?1014117

www.kb.cert.org/vuls/id/113196

www.osvdb.org/16439

www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194

www.securityfocus.com/bid/13545

exchange.xforce.ibmcloud.com/vulnerabilities/20574

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2005-1193

securityvulns1 cvelist1 ubuntucve1 nvd1 nessus1