CVE-2011-3371 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php; the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php; the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php; the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php; the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php; or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Reference
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
http://punbb.informer.com/forums/topic/24430/punbb-136/
http://securitytracker.com/id?1026073
http://www.openwall.com/lists/oss-security/2011/09/18/1
http://www.openwall.com/lists/oss-security/2011/09/22/3
https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d