CVE-2005-0526 - Cross-Site Scripting vulnerability in PBLang 4.65
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | PBLANG_XSS.NASL |
description | According to its banner, the remote host is running a version of PBLang BBS, a bulletin board system written in PHP, that suffers from the following vulnerabilities: - HTML Injection Vulnerability in pmpshow.php. An attacker can inject arbitrary HTML and script into the body of PMs sent to users allowing for theft of authentication cookies or misrepresentation of the site. - Cross-Site Scripting Vulnerability in search.php. If an attacker can trick a user into following a specially crafted link to search.php from an affected version of PBLang, he can inject arbitrary script into the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17209 |
published | 2005-02-24 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17209 |
title | PBLang BBS <= 4.65 Multiple Vulnerabilities |