Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Punbb | Punbb | 1.2.3 | 1.2.3 |
Punbb | Punbb | 1.2.7 | 1.2.7 |
Punbb | Punbb | 1.0_beta2 | 1.0_beta2 |
Punbb | Punbb | 1.2.5 | 1.2.5 |
Punbb | Punbb | 1.2.10 | 1.2.10 |
Punbb | Punbb | 1.0 | 1.0 |
Punbb | Punbb | 1.2.1 | 1.2.1 |
Punbb | Punbb | 1.1.5 | 1.1.5 |
Punbb | Punbb | 1.1 | 1.1 |
Punbb | Punbb | 1.0.1 | 1.0.1 |
Punbb | Punbb | 1.1.1 | 1.1.1 |
Punbb | Punbb | 1.0_beta3 | 1.0_beta3 |
Punbb | Punbb | 1.0_rc1 | 1.0_rc1 |
Punbb | Punbb | 1.1.3 | 1.1.3 |
Punbb | Punbb | 1.0_rc2 | 1.0_rc2 |
Punbb | Punbb | 1.0_beta1a | 1.0_beta1a |
Punbb | Punbb | 1.0_beta1 | 1.0_beta1 |
Punbb | Punbb | 1.2.4 | 1.2.4 |
Punbb | Punbb | 1.2.8 | 1.2.8 |
Punbb | Punbb | 1.2.2 | 1.2.2 |
Punbb | Punbb | 1.2 | 1.2 |
Punbb | Punbb | 1.1.4 | 1.1.4 |
Punbb | Punbb | 1.0_alpha | 1.0_alpha |
Punbb | Punbb | 1.2.6 | 1.2.6 |
Punbb | Punbb | 1.1.2 | 1.1.2 |
Punbb | Punbb | 1.2.9 | 1.2.9 |