The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openbb | Openbb | 1.0.0_beta1 (including) | 1.0.0_beta1 (including) |
Openbb | Openbb | 1.0.0_rc1 (including) | 1.0.0_rc1 (including) |
Openbb | Openbb | 1.0.0_rc2 (including) | 1.0.0_rc2 (including) |
Openbb | Openbb | 1.0.0_rc3 (including) | 1.0.0_rc3 (including) |
Openbb | Openbb | 1.0.5 (including) | 1.0.5 (including) |
Openbb | Openbb | 1.0.6 (including) | 1.0.6 (including) |