Vulnerabilities > Yabb > Yabb > 2000.09.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2403 | Unspecified vulnerability in Yabb Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | 10.0 |
2004-12-31 | CVE-2004-2402 | Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. network yabb | 4.3 |
2002-03-25 | CVE-2002-0117 | Unspecified vulnerability in Yabb Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | 7.5 |
2001-01-09 | CVE-2000-1176 | Unspecified vulnerability in Yabb 20000911 Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. | 7.5 |