Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yabb | Yabb | 1.40 (including) | 1.40 (including) |
Yabb | Yabb | 1.41 (including) | 1.41 (including) |
Yabb | Yabb | 1_gold_-_sp_1 (including) | 1_gold_-_sp_1 (including) |
Yabb | Yabb | 1_gold_-_sp_1.2 (including) | 1_gold_-_sp_1.2 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3 (including) | 1_gold_-_sp_1.3 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3.1 (including) | 1_gold_-_sp_1.3.1 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3.2 (including) | 1_gold_-_sp_1.3.2 (including) |
Yabb | Yabb | 1_gold_release (including) | 1_gold_release (including) |
Yabb | Yabb | 2000-09-01 (including) | 2000-09-01 (including) |
Yabb | Yabb | 2000-09-11 (including) | 2000-09-11 (including) |