CVE Vulnerabilities

CVE-2007-3963

Published: Jul 25, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.

Affected Software

Name Vendor Start Version End Version
Usebb Usebb 1.0.7 1.0.7
Usebb Usebb 1.0.5 1.0.5
Usebb Usebb 1.0_rc3 1.0_rc3
Usebb Usebb 1.0_rc1 1.0_rc1
Usebb Usebb 1.0.4 1.0.4
Usebb Usebb 1.0.6 1.0.6
Usebb Usebb 1.0_rc2 1.0_rc2
Usebb Usebb 1.0.1 1.0.1
Usebb Usebb 1.0.2 1.0.2
Usebb Usebb 1.0 1.0
Usebb Usebb 1.0.3 1.0.3

References