VID |
210119 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
ZeroBoard XE has a cross-site scripting (XSS) vulnerability. ZeroBoard XE is a freely available, open-source, PHP-based bulletin board package that is widely used in Korea. Zeroboard XE versions prior to 1.4.0.9 are affected. Attackers may execute arbitrary code with the privileges of the BBS admin.
* References:
  http://www.xpressengine.com/18776625
  http://www.xpressengine.com/notice
  http://www.xpressengine.com/?mid=download&category_srl=18322907&package_srl=18325662
* Platforms Affected:
  Zeroboard XE versions 1.4.0.9 and earlier
  Any operating system, any version |
Recommendation |
Upgrade to the latest version of XpressEngine Core (1.4.0.10 or later), available from the Zeroboard XE Web site at http://www.xpressengine.com/?mid=download&category_srl=18322907 |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|