Vulnerabilities > CVE-2005-0526 - Cross-Site Scripting vulnerability in Pblang 4.65

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
pblang
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.

Vulnerable Configurations

Part Description Count
Application
Pblang
1

Nessus

NASL familyCGI abuses
NASL idPBLANG_XSS.NASL
descriptionAccording to its banner, the remote host is running a version of PBLang BBS, a bulletin board system written in PHP, that suffers from the following vulnerabilities: - HTML Injection Vulnerability in pmpshow.php. An attacker can inject arbitrary HTML and script into the body of PMs sent to users allowing for theft of authentication cookies or misrepresentation of the site. - Cross-Site Scripting Vulnerability in search.php. If an attacker can trick a user into following a specially crafted link to search.php from an affected version of PBLang, he can inject arbitrary script into the user
last seen2020-06-01
modified2020-06-02
plugin id17209
published2005-02-24
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17209
titlePBLang BBS <= 4.65 Multiple Vulnerabilities