Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postboard | Postboard | 2.0 (including) | 2.0 (including) |
| Postboard | Postboard | 2.0.1 (including) | 2.0.1 (including) |
| Postnuke | Postnuke_software_foundation | 0.64 (including) | 0.64 (including) |
| Postnuke | Postnuke_software_foundation | 0.70 (including) | 0.70 (including) |
| Postnuke | Postnuke_software_foundation | 0.71 (including) | 0.71 (including) |
| Postnuke | Postnuke_software_foundation | 0.703 (including) | 0.703 (including) |
References
- http://online.securityfocus.com/archive/1/267936
- http://www.iss.net/security_center/static/8881.php
- http://www.securityfocus.com/bid/4559
- http://www.securityfocus.com/bid/4561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8884
- http://online.securityfocus.com/archive/1/267936
- http://www.iss.net/security_center/static/8881.php
- http://www.securityfocus.com/bid/4559
- http://www.securityfocus.com/bid/4561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8884