CVE-2007-2235

Published: Apr 25, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.

Affected (1)

Products: Punbb: Punbb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Punbb Punbb	Up to 1.2.14

References (16)

http://dev.punbb.org/changeset/934

Source: cve@mitre.org

http://dev.punbb.org/changeset/938

Source: cve@mitre.org

http://secunia.com/advisories/24843

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/2613

Source: cve@mitre.org

http://www.acid-root.new.fr/advisories/13070411.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/465338/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/465400/100/100/threaded

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1362

Source: cve@mitre.org

http://dev.punbb.org/changeset/934

Source: af854a3a-2127-422b-91ae-364da2661108

http://dev.punbb.org/changeset/938

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24843

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/2613

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.acid-root.new.fr/advisories/13070411.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/465338/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/465400/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1362

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.