Vulnerabilities > Woltlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-09 | CVE-2010-1339 | Cross-Site Scripting vulnerability in Robertotto Teamsite Hack Plugin Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. | 4.3 |
| 2009-09-09 | CVE-2008-7192 | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 3.0.1 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472. | 6.8 |
| 2008-04-09 | CVE-2008-1717 | Information Exposure vulnerability in Woltlab Burning Board 3.0.5 WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found. | 5.0 |
| 2008-04-09 | CVE-2008-1716 | Cross-Site Scripting vulnerability in Woltlab Burning Board 3.0.5 Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message. | 4.3 |
| 2008-03-13 | CVE-2008-1323 | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board Lite 2.0 Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. | 6.8 |
| 2008-01-29 | CVE-2008-0472 | Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 2.3.6Pl2 Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action. | 4.3 |
| 2007-03-14 | CVE-2007-1443 | Cross-Site Scripting vulnerability in Woltlab Burning Board and Burning Board Lite Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. | 4.3 |
| 2006-12-05 | CVE-2006-6289 | SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2 Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. network woltlab | 6.8 |
| 2006-08-24 | CVE-2006-4317 | HTML Injection vulnerability in Woltlab Burning Board 2.3.5 Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. network woltlab | 6.8 |
| 2006-03-21 | CVE-2006-1324 | Cross-Site Scripting vulnerability in Woltlab Burning Board Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated. network woltlab | 6.8 |