Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usebb | Usebb | 0.1 (including) | 0.1 (including) |
| Usebb | Usebb | 0.1.1 (including) | 0.1.1 (including) |
| Usebb | Usebb | 0.2 (including) | 0.2 (including) |
| Usebb | Usebb | 0.2.1 (including) | 0.2.1 (including) |
| Usebb | Usebb | 0.2.2 (including) | 0.2.2 (including) |
| Usebb | Usebb | 0.2.3 (including) | 0.2.3 (including) |
| Usebb | Usebb | 0.2.3a (including) | 0.2.3a (including) |
| Usebb | Usebb | 0.3 (including) | 0.3 (including) |
| Usebb | Usebb | 0.3.1 (including) | 0.3.1 (including) |
| Usebb | Usebb | 0.3.2 (including) | 0.3.2 (including) |
| Usebb | Usebb | 0.4 (including) | 0.4 (including) |
| Usebb | Usebb | 0.4.1 (including) | 0.4.1 (including) |
| Usebb | Usebb | 0.5 (including) | 0.5 (including) |
| Usebb | Usebb | 0.5.1 (including) | 0.5.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=112264706213040\u0026w=2
- http://www.hardened-php.net/advisory_122005.60.html
- http://www.securityfocus.com/bid/14412
- http://www.usebb.net/community/topic.php?id=605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21651
- http://marc.info/?l=bugtraq\u0026m=112264706213040\u0026w=2
- http://www.hardened-php.net/advisory_122005.60.html
- http://www.securityfocus.com/bid/14412
- http://www.usebb.net/community/topic.php?id=605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21651