Vulnerabilities > CVE-2005-1614 - Cross-Site Scripting vulnerability in Ultimate PHP Board
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | Ultimate PHP Board 1.8/1.9 ViewForum.PHP Cross-Site Scripting Vulnerability. CVE-2005-1614. Webapps exploit for php platform |
id | EDB-ID:25654 |
last seen | 2016-02-03 |
modified | 2005-05-13 |
published | 2005-05-13 |
reporter | Morinex Eneco |
source | https://www.exploit-db.com/download/25654/ |
title | Ultimate PHP Board 1.8/1.9 ViewForum.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | UPD_XSS_SQL_INJECTION.NASL |
description | The remote host is running Ultimate PHP Board (UPB). The remote version of this software is vulnerable to cross-site scripting attacks, and SQL injection flaws. Using a specially crafted URL, an attacker may execute arbitrary commands against the remote SQL database or use the remote server to set up a cross-site scripting attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18260 |
published | 2005-05-14 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18260 |
title | Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities |
code |
|