header-logo
Suggest Exploit
vendor:
Ultimate PHP Board
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Ultimate PHP Board
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:ultimate_php_board:ultimate_php_board
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux
2002

Ultimate PHP Board (UPB) Cross-Site Scripting Vulnerability

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser of the user visiting the malicious URL. This could lead to the execution of HTML and script code in the security context of the UPB site.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6335/info

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser of the user visiting the malicious URL. This could lead to the execution of HTML and script code in the security context of the UPB site.

http://example.com/phorum/viewtopic.php?id=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&t_id=2

Navigation

Suggest Exploit

Services By CQR