CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
98.4%
Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.
Vendor | Product | Version | CPE |
---|---|---|---|
yabb | yabb | 1.40 | cpe:2.3:a:yabb:yabb:1.40:*:*:*:*:*:*:* |
yabb | yabb | 1.41 | cpe:2.3:a:yabb:yabb:1.41:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1.2 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1.3 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1.3.1 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1.3.2 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_-_sp_1.4 | cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.4:*:*:*:*:*:*:* |
yabb | yabb | 1_gold_release | cpe:2.3:a:yabb:yabb:1_gold_release:*:*:*:*:*:*:* |
yabb | yabb | 2.0 | cpe:2.3:a:yabb:yabb:2.0:*:*:*:*:*:*:* |