Woltlab Burning Board pms.php folderid Parameter XSS

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP script which is vulnerable to a
cross-site scripting attack.

Description :

The version of Burning Board or Burning Board Lite installed on the
remote host may be prone to cross-site scripting attacks due to its
failure to properly sanitize input passed to the 'folderid' parameter
of the 'pms.php' script. An attacker may be able to exploit this flaw
to cause arbitrary HTML and script code to be run in a user's browser
within the context of the affected website.

See also :

http://www.securityfocus.com/archive/1/396858
http://www.nessus.org/u?29ed52ec

Solution :

Apply the security update referenced above.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18251 (burning_board_pms_folderid_xss.nasl)

Bugtraq ID: 13353

CVE ID: CVE-2005-1327

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial