2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF to 1 upgrade-0-2-3.php, 2 upgrade-0-3.php, or 3 upgrade-0-4.php in install/, a different vulnerability than...
CVE-2005-4193
CVE-2005-4193 is an XSS vulnerability in UseBB prior to 0.7, exploitable via the $_SERVER['PHP_SELF'] variable in web requests. The affected component is UseBB’s input handling that processes PHP_SELF; impact is arbitrary scripted HTML in victim pages. The provided docs do not state a fixed versi...