CVE-2008-3968

Published: Sep 11, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

Affected (20)

Products: Punbb: Punbb

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Punbb Punbb	Up to 1.2.19
Punbb Punbb	Version 1.0
Punbb Punbb	Version 1.0 alpha
Punbb Punbb	Version 1.0 beta1
Punbb Punbb	Version 1.0 beta1a
Punbb Punbb	Version 1.0 beta2
Punbb Punbb	Version 1.0 beta3
Punbb Punbb	Version 1.0 rc1
Punbb Punbb	Version 1.0 rc2
Punbb Punbb	Version 1.1.1
Punbb Punbb	Version 1.1.2
Punbb Punbb	Version 1.1.3
Punbb Punbb	Version 1.1.4
Punbb Punbb	Version 1.1.5
Punbb Punbb	Version 1.1
Punbb Punbb	Version 1.2.11
Punbb Punbb	Version 1.2.13
Punbb Punbb	Version 1.2.15
Punbb Punbb	Version 1.2.16
Punbb Punbb	Version 1.2.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt

Source: cve@mitre.org

http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/09/09/10

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/09/09/2

Source: cve@mitre.org

http://www.securityfocus.com/bid/31082

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45046

Source: cve@mitre.org

http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/09/09/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/09/09/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31082

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45046

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.