Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
References 5 Total
- securityfocus.com: 28930 vdb-entry
- secunia.com: 29997 third-party-advisory
- exploit-db.com: 5494 exploit
- exchange.xforce.ibmcloud.com: minibb-glang-xss(42013) vdb-entry
- http://www.minibb.net/forums/9_5110_0.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- securityfocus.com: 28930 vdb-entryx_transferred
- secunia.com: 29997 third-party-advisoryx_transferred
- exploit-db.com: 5494 exploitx_transferred
- exchange.xforce.ibmcloud.com: minibb-glang-xss(42013) vdb-entryx_transferred
- http://www.minibb.net/forums/9_5110_0.html x_transferred