Vulnerabilities > CVE-2005-2057 - Cross-Site Scripting vulnerability in UBB.threads
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | UBBTHREADS_PRINTTHREAD_SQL_INJECTION.NASL |
| description | The remote host is running a version of UBB.threads that suffers from multiple vulnerabilities due to insufficient input validation - local file inclusion, HTTP response splitting, SQL injection, and cross-site scripting. These flaws may allow an attacker to completely compromise the affected installation of UBB.threads. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18098 |
| published | 2005-04-20 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/18098 |
| title | UBB.threads < 6.5.2 beta Multiple Vulnerabilities |