What is the severity of CVE-2009-4894?

CVE-2009-4894 is categorized as having a medium severity due to its potential for user data compromise through cross-site scripting.

How do I fix CVE-2009-4894?

To fix CVE-2009-4894, upgrade to PunBB version 1.3.4 or later, which addresses the XSS vulnerabilities.

Which versions of PunBB are affected by CVE-2009-4894?

CVE-2009-4894 affects multiple versions of PunBB prior to 1.3.4, including 1.2.1 through 1.3.3.

What types of attacks can exploit CVE-2009-4894?

CVE-2009-4894 can be exploited to perform cross-site scripting attacks, allowing attackers to inject malicious scripts.

Is user data at risk due to CVE-2009-4894?

Yes, user data is at risk because successful exploits can lead to session hijacking or unauthorized actions on behalf of users.

Vulnerability/
CVE-2009-4894

medium

4.3

CWE

15/6/2010

3/10/2022

7/8/2024

CVE-2009-4894: XSS

First published: Tue Jun 15 2010(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
PunBB	=1.2.3
PunBB	=1.2.7
PunBB	=1.2.5
PunBB	=1.0-beta3
PunBB	=1.3.1
PunBB	=1.2.10
PunBB	=1.0
PunBB	=1.2.1
PunBB	=1.1.5
PunBB	=1.3.2
PunBB	=1.1
PunBB	=1.2.21
PunBB	=1.2.14
PunBB	=1.0-beta2
PunBB	=1.2.13
PunBB	=1.0-rc2
PunBB	=1.3
PunBB	=1.0.1
PunBB	=1.1.1
PunBB	=1.2.20
PunBB	=1.2.15
PunBB	=1.2.12
PunBB	=1.0-alpha
PunBB	=1.0-rc1
PunBB	=1.0-beta1a
PunBB	<=1.3.3
PunBB	=1.1.3
PunBB	=1.2.17
PunBB	=1.2.4
PunBB	=1.2.11
PunBB	=1.0-beta1
PunBB	=1.2.8
PunBB	=1.2.2
PunBB	=1.2
PunBB	=1.2.16
PunBB	=1.1.4
PunBB	=1.2.6
PunBB	=1.2.18
PunBB	=1.2.19
PunBB	=1.1.2
PunBB	=1.2.9

Remedy

http://punbb.informer.com/forums/topic/21669/punbb-134/

Never miss a vulnerability like this again

Reference Links

http://punbb.informer.com/forums/topic/21669/punbb-134/

Frequently Asked Questions

What is the severity of CVE-2009-4894?
CVE-2009-4894 is categorized as having a medium severity due to its potential for user data compromise through cross-site scripting.
How do I fix CVE-2009-4894?
To fix CVE-2009-4894, upgrade to PunBB version 1.3.4 or later, which addresses the XSS vulnerabilities.
Which versions of PunBB are affected by CVE-2009-4894?
CVE-2009-4894 affects multiple versions of PunBB prior to 1.3.4, including 1.2.1 through 1.3.3.
What types of attacks can exploit CVE-2009-4894?
CVE-2009-4894 can be exploited to perform cross-site scripting attacks, allowing attackers to inject malicious scripts.
Is user data at risk due to CVE-2009-4894?
Yes, user data is at risk because successful exploits can lead to session hijacking or unauthorized actions on behalf of users.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/remedy
agent/references
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/punbb
canonical/punbb
version/punbb/1.3.3
version/punbb/1.0
version/punbb/1.0-alpha
version/punbb/1.0-beta1
version/punbb/1.0-beta1a
version/punbb/1.0-beta2
version/punbb/1.0-beta3
version/punbb/1.0-rc1
version/punbb/1.0-rc2
version/punbb/1.0.1
version/punbb/1.1
version/punbb/1.1.1
version/punbb/1.1.2
version/punbb/1.1.3
version/punbb/1.1.4
version/punbb/1.1.5
version/punbb/1.2
version/punbb/1.2.1
version/punbb/1.2.2
version/punbb/1.2.3
version/punbb/1.2.4
version/punbb/1.2.5
version/punbb/1.2.6
version/punbb/1.2.7
version/punbb/1.2.8
version/punbb/1.2.9
version/punbb/1.2.10
version/punbb/1.2.11
version/punbb/1.2.12
version/punbb/1.2.13
version/punbb/1.2.14
version/punbb/1.2.15
version/punbb/1.2.16
version/punbb/1.2.17
version/punbb/1.2.18
version/punbb/1.2.19
version/punbb/1.2.20
version/punbb/1.2.21
version/punbb/1.3
version/punbb/1.3.1
version/punbb/1.3.2