Vulnerabilities > Punbb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-02 | CVE-2011-3371 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | 4.3 |
| 2010-06-15 | CVE-2009-4894 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. | 4.3 |
| 2010-01-28 | CVE-2010-0455 | Cross-Site Scripting vulnerability in Punbb 1.3 Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. | 4.3 |
| 2009-09-17 | CVE-2008-7241 | Cross-Site Request Forgery (CSRF) vulnerability in Punbb Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | 6.8 |
| 2009-08-17 | CVE-2009-2787 | Path Traversal vulnerability in Reputation 2.0.4/2.2.3 Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2009-02-27 | CVE-2008-6308 | Path Traversal vulnerability in Punbb Private Messaging System 1.2.0/1.2.1/1.2.2 Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. | 5.1 |
| 2008-12-11 | CVE-2008-5435 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | 4.3 |
| 2008-12-11 | CVE-2008-5434 | SQL Injection vulnerability in Punbb 1.3/1.3.1 Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. | 6.5 |
| 2008-12-11 | CVE-2008-5433 | Cross-Site Scripting vulnerability in Punbb 1.3/1.3.1 Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field. | 4.3 |
| 2008-12-10 | CVE-2008-5418 | Path Traversal vulnerability in Justin ROY Punportal Module 1.0 Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |