CVE-2015-1475

Published: Feb 4, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.

Affected (3)

Products: Mylittleforum: My Little Forum

1 product

My Little Forum

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mylittleforum My Little Forum	Version 1.7
Mylittleforum My Little Forum	Version 2.2
Mylittleforum My Little Forum	Version 2.3.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Feb/15

Source: cve@mitre.org

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/100616

Source: cve@mitre.org

http://packetstormsecurity.com/files/130220/My-Little-Forum-2.3.3-2.2-1.7-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Feb/15

Source: af854a3a-2127-422b-91ae-364da2661108

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/100616

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.