CVE-2011-3371: XSS
First published: Sun Oct 02 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PunBB | =1.2.3 | |
| PunBB | =1.2.7 | |
| PunBB | =1.2.5 | |
| PunBB | =1.0-beta3 | |
| PunBB | =1.3.1 | |
| PunBB | =1.2.10 | |
| PunBB | =1.0 | |
| PunBB | =1.2.1 | |
| PunBB | =1.1.5 | |
| PunBB | =1.3.4 | |
| PunBB | =1.3-beta | |
| PunBB | =1.3.2 | |
| PunBB | =1.1 | |
| PunBB | =1.2.21 | |
| PunBB | =1.2.14 | |
| PunBB | =1.0-beta2 | |
| PunBB | =1.2.13 | |
| PunBB | =1.2.23 | |
| PunBB | =1.0-rc2 | |
| PunBB | =1.3 | |
| PunBB | =1.0.1 | |
| PunBB | =1.1.1 | |
| PunBB | =1.2.20 | |
| PunBB | =1.2.15 | |
| PunBB | =1.2.12 | |
| PunBB | =1.0-alpha | |
| PunBB | =1.3-rc1 | |
| PunBB | =1.0-rc1 | |
| PunBB | =1.0-beta1a | |
| PunBB | =1.1.3 | |
| PunBB | =1.2.17 | |
| PunBB | =1.2.4 | |
| PunBB | =1.2.11 | |
| PunBB | =1.0-beta1 | |
| PunBB | =1.2.8 | |
| PunBB | =1.3-rc7 | |
| PunBB | =1.3.3 | |
| PunBB | =1.2.22 | |
| PunBB | =1.2.2 | |
| PunBB | =1.2 | |
| PunBB | =1.2.16 | |
| PunBB | =1.3-rc2 | |
| PunBB | =1.1.4 | |
| PunBB | =1.2.6 | |
| PunBB | =1.2.18 | |
| PunBB | =1.2.19 | |
| PunBB | <=1.3.5 | |
| PunBB | =1.1.2 | |
| PunBB | =1.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://punbb.informer.com/forums/topic/24430/punbb-136/
- http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html
- http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html
- http://securitytracker.com/id?1026073
- https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d
- https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip
- http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/
- http://www.openwall.com/lists/oss-security/2011/09/22/3
- http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html
- http://www.openwall.com/lists/oss-security/2011/09/18/1
Frequently Asked Questions
What are the consequences of CVE-2011-3371?
CVE-2011-3371 can allow remote attackers to execute arbitrary JavaScript or HTML in the context of the victim's session through cross-site scripting (XSS).
Which versions of PunBB are affected by CVE-2011-3371?
PunBB versions prior to 1.3.6, including 1.0 to 1.3.5, are affected by CVE-2011-3371.
How do I mitigate CVE-2011-3371?
To mitigate CVE-2011-3371, upgrade your PunBB installation to version 1.3.6 or later.
Is CVE-2011-3371 a critical vulnerability?
CVE-2011-3371 is considered to have a moderate severity due to the potential for XSS attacks.
What are the specific parameters involved in CVE-2011-3371?
CVE-2011-3371 involves multiple parameters including id, form_sent, csrf_token, req_confirm, and delete in the delete.php file.
- agent/references
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/punbb
- canonical/punbb
- version/punbb/1.2.3
- version/punbb/1.2.7
- version/punbb/1.2.5
- version/punbb/1.0-beta3
- version/punbb/1.3.1
- version/punbb/1.2.10
- version/punbb/1.0
- version/punbb/1.2.1
- version/punbb/1.1.5
- version/punbb/1.3.4
- version/punbb/1.3-beta
- version/punbb/1.3.2
- version/punbb/1.1
- version/punbb/1.2.21
- version/punbb/1.2.14
- version/punbb/1.0-beta2
- version/punbb/1.2.13
- version/punbb/1.2.23
- version/punbb/1.0-rc2
- version/punbb/1.3
- version/punbb/1.0.1
- version/punbb/1.1.1
- version/punbb/1.2.20
- version/punbb/1.2.15
- version/punbb/1.2.12
- version/punbb/1.0-alpha
- version/punbb/1.3-rc1
- version/punbb/1.0-rc1
- version/punbb/1.0-beta1a
- version/punbb/1.1.3
- version/punbb/1.2.17
- version/punbb/1.2.4
- version/punbb/1.2.11
- version/punbb/1.0-beta1
- version/punbb/1.2.8
- version/punbb/1.3-rc7
- version/punbb/1.3.3
- version/punbb/1.2.22
- version/punbb/1.2.2
- version/punbb/1.2
- version/punbb/1.2.16
- version/punbb/1.3-rc2
- version/punbb/1.1.4
- version/punbb/1.2.6
- version/punbb/1.2.18
- version/punbb/1.2.19
- version/punbb/1.3.5
- version/punbb/1.1.2
- version/punbb/1.2.9