admin
09-22-2005, 09:14 PM
PunBB
http://www.punbb.org
September 22, 2005
http://secunia.com/advisories/16908/
Description:
Two vulnerabilities have been reported in PunBB, where one has an unknown impact and the other can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "forgotten e-mail" feature isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) A potential code inclusion vulnerability in the user language selection has an unknown impact.
The vulnerabilities have been reported in version 1.2.7. Prior versions may also be affected.
Solution:
Update to version 1.2.8.
http://www.punbb.org/downloads.php
Provided and/or discovered by:
The vendor credits Stefan Esser and Smartys.
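Added example, not part of the advisory and not PunBB's own code: a PHP sketch of the two defensive patterns the issue classes above call for, output encoding for a reflected e-mail value and an allowlist for the language selection. The function names, the lang/<name>/common.php layout, the 'English' default and all sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; names and directory layout are assumptions,
// not taken from PunBB's source.

// Issue 1 pattern: encode user input at the point it is written into HTML.
function render_unknown_email_notice(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>No account is registered with the e-mail address "' . $safe . '".</p>';
}

// Issue 2 pattern: accept a language only if it matches a directory that
// actually exists, so the request value itself never reaches a file path.
function resolve_language(string $requested, string $langRoot, string $default = 'English'): string
{
    $installed = [];
    foreach (scandir($langRoot) ?: [] as $entry) {
        if ($entry[0] !== '.' && is_dir($langRoot . '/' . $entry)) {
            $installed[] = $entry;
        }
    }
    // Strict comparison against the directory listing; anything else falls back.
    return in_array($requested, $installed, true) ? $requested : $default;
}

// Constructed sample data: a throwaway language directory tree.
$langRoot = sys_get_temp_dir() . '/lang_demo_' . getmypid();
foreach (['English', 'French'] as $name) {
    mkdir("$langRoot/$name", 0700, true);
}

// Constructed input containing markup; it is rendered as inert text.
echo render_unknown_email_notice('"><b>injected</b>@example.org'), "\n";

// Constructed language values: one valid, three that must fall back.
foreach (['French', '../English', "English\0.php", 'Klingon'] as $input) {
    $lang = resolve_language($input, $langRoot);
    // The include path is built from the allowlisted name only.
    echo json_encode($input, JSON_UNESCAPED_SLASHES), " => $langRoot/$lang/common.php\n";
}

// Remove the throwaway directories.
foreach (['English', 'French'] as $name) {
    rmdir("$langRoot/$name");
}
rmdir($langRoot);
```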