Vulnerabilities > CVE-2007-3963 - Cross-Site Scripting vulnerability in UseBB PHP_SELF

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

usebb

critical

exploit available

NVD

Published: 2007-07-25

Updated: 2018-10-15

Summary

Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.

Vulnerable Configurations

Part	Description	Count
Application	Usebb Usebb Usebb 1.0 Usebb Usebb 1.0.1 Usebb Usebb 1.0.2 Usebb Usebb 1.0.3 Usebb Usebb 1.0.4 Usebb Usebb 1.0.5 Usebb Usebb 1.0.6 Usebb Usebb 1.0.7 Usebb Usebb 1.0_Rc1 Usebb Usebb 1.0_Rc2 Usebb Usebb 1.0_Rc3	11

Exploit-Db

description	UseBB 1.0.7 install/upgrade-0-2-3.php PHP_SELF Parameter XSS. CVE-2007-3963. Webapps exploit for php platform
id	EDB-ID:30323
last seen	2016-02-03
modified	2007-07-20
published	2007-07-20
reporter	s4mi
source	https://www.exploit-db.com/download/30323/
title	UseBB 1.0.7 install/upgrade-0-2-3.php PHP_SELF Parameter XSS

description	UseBB 1.0.7 install/upgrade-0-3.php PHP_SELF Parameter XSS. CVE-2007-3963. Webapps exploit for php platform
id	EDB-ID:30324
last seen	2016-02-03
modified	2007-07-20
published	2007-07-20
reporter	s4mi
source	https://www.exploit-db.com/download/30324/
title	UseBB 1.0.7 install/upgrade-0-3.php PHP_SELF Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References