CVE-2005-2057

Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.

Published: Jun 29, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2057
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ubbcentral / ubb.threads	6.5	6.5.x
ubbcentral / ubb.threads	6.5.1	6.5.1.x
ubbcentral / ubb.threads	6.1	6.1.x
ubbcentral / ubb.threads	6.2.1	6.2.1.x
ubbcentral / ubb.threads	6.0.1	6.0.1.x
ubbcentral / ubb.threads	6.4.4	6.4.4.x
ubbcentral / ubb.threads	6.4.3	6.4.3.x
ubbcentral / ubb.threads	6.4.2	6.4.2.x
ubbcentral / ubb.threads	6.4.1	6.4.1.x
ubbcentral / ubb.threads	6.2.2	6.2.2.x
ubbcentral / ubb.threads	6.2	6.2.x
ubbcentral / ubb.threads	6.5.1.1	6.5.1.1.x
ubbcentral / ubb.threads	6.0.3	6.0.3.x
ubbcentral / ubb.threads	6.1.1	6.1.1.x
ubbcentral / ubb.threads	6.4	6.4.x
ubbcentral / ubb.threads	6.3.1	6.3.1.x
ubbcentral / ubb.threads	6.0.2	6.0.2.x
ubbcentral / ubb.threads	6.3	6.3.x
ubbcentral / ubb.threads	6.2.3	6.2.3.x
ubbcentral / ubb.threads	6.0	6.0.x

Vulnerability Database

289,599

CVE-2005-2057