Vulnerabilities > CVE-2004-1809 - Cross-Site Scripting vulnerability in PHPBB

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

phpbb-group

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 2.0.0 Phpbb Group Phpbb 2.0.1 Phpbb Group Phpbb 2.0.2 Phpbb Group Phpbb 2.0.3 Phpbb Group Phpbb 2.0.4 Phpbb Group Phpbb 2.0.5 Phpbb Group Phpbb 2.0.6 Phpbb Group Phpbb 2.0.6C Phpbb Group Phpbb 2.0.6D Phpbb Group Phpbb 2.0_Rc1 Phpbb Group Phpbb 2.0_Rc2 Phpbb Group Phpbb 2.0_Rc3 Phpbb Group Phpbb 2.0_Rc4	13

Nessus

NASL family	CGI abuses : XSS
NASL id	PHPBB_XSS.NASL
description	There are cross-site scripting vulnerabilities in the files
last seen	2020-06-01
modified	2020-06-02
plugin id	12093
published	2004-03-14
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12093
title	phpBB < 2.0.7 Multiple XSS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(12093); script_version("1.25"); script_cvs_date("Date: 2018/07/24 18:56:11"); script_cve_id("CVE-2004-1809"); script_bugtraq_id(9865, 9866); script_name(english:"phpBB < 2.0.7 Multiple XSS"); script_summary(english:"XSS test"); script_set_attribute(attribute:"synopsis", value:"A remote CGI is vulnerable to cross-site scripting."); script_set_attribute(attribute:"description", value: "There are cross-site scripting vulnerabilities in the files 'ViewTopic.php' and 'ViewForum.php' in the remote installation of phpBB."); script_set_attribute(attribute:"solution", value:"Upgrade to version 2.0.7 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/03/14"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe",value:"cpe:/a:phpbb_group:phpbb"); script_end_attributes(); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses : XSS"); script_dependencies("phpbb_detect.nasl", "cross_site_scripting.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/phpBB"); exit(0); } # Check starts here include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if ( get_kb_item("www/"+port+"/generic_xss") ) exit(0); kb = get_kb_item("www/" + port + "/phpBB"); if ( ! kb ) exit(0); matches = eregmatch(pattern:"(.) under (.)", string:kb); dir = matches[2]; r = http_send_recv3(method: "GET", item:dir + "/viewtopic.php?t=10&postdays=99<script>foo</script>", port:port); if (isnull(r)) exit(0); r2 = http_send_recv3(method: "GET", item:dir + "/viewforum.php?f=10&postdays=99<script>foo</script>", port:port); if (isnull(r2)) exit(0); if("<script>foo</script>" >< r[2] \|\| "<script>foo</script>" >< r2[2]) { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); }

Summary

Vulnerable Configurations

Nessus

References