Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html - | |
References | () http://seclists.org/fulldisclosure/2015/Feb/15 - | |
References | () http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/ - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/100616 - |
Information
Published : 2015-02-04 16:59
Updated : 2024-11-21 02:25
NVD link : CVE-2015-1475
Mitre link : CVE-2015-1475
CVE.ORG link : CVE-2015-1475
JSON object : View
Products Affected
mylittleforum
- my_little_forum
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')