Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
References
Configurations
History
21 Nov 2024, 00:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html - | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html - | |
References | () http://secunia.com/advisories/29719 - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/490560/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/490782/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/28678 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41714 - |
Information
Published : 2008-04-09 21:05
Updated : 2024-11-21 00:45
NVD link : CVE-2008-1716
Mitre link : CVE-2008-1716
CVE.ORG link : CVE-2008-1716
JSON object : View
Products Affected
woltlab
- burning_board
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')