| VID |
21445 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The remote YaBB installation, according to its version number, has multiple input validation vulnerabilities. YaBB, "Yet Another Bulletin Board", is an open-source bulletin board system written in Perl. YaBB versions prior to 1 GOLD SP 1.3.2 could allow a remote attacker to perform a cross-site scripting attack or an HTTP splitting attack. A remote attacker may leverage a cross-site scripting flaw to execute arbitrary HTML and script code in the browser of a victim in the context of the vulnerable site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
* Note: This check relies solely on the version number of the remote YaBB software to assess this vulnerability, so the result may be a false positive.
* References:
  http://secunia.com/advisories/12609/
  http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233
* Platforms Affected: YaBB versions prior to 1 GOLD SP 1.3.2; any operating system, any version |
| Recommendation |
Upgrade to the latest version of YaBB (1 GOLD SP 1.3.2 or later), available from the YaBB download page at http://sourceforge.net/projects/yabb/ |
| Related URL |
CVE-2004-2140 (CVE) |
| Related URL |
11235 (SecurityFocus) |
| Related URL |
17461 (ISS) |
|