CVE-2003-1277: XSS
First published: Wed Dec 31 2003(Updated: )
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yabb | =1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1277?
CVE-2003-1277 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2003-1277?
To fix CVE-2003-1277, upgrade to a patched version of YaBB that addresses the XSS vulnerabilities.
What systems are affected by CVE-2003-1277?
CVE-2003-1277 specifically affects YaBB version 1.5.0.
What types of attacks can CVE-2003-1277 facilitate?
CVE-2003-1277 can facilitate cross-site scripting attacks, allowing attackers to execute arbitrary scripts as other users.
How can CVE-2003-1277 impact user security?
CVE-2003-1277 can impact user security by enabling attackers to potentially steal authentication information via cookies.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/yabb
- canonical/yabb yabb
- version/yabb yabb/1.5.0