CVE-2007-0398

Properties

Published:
21.01.2007
Updated:
30.03.2007
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
MisterSP: a-forum

Vulnerability description

Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/457503/100/0/threaded
VIM: http://www.attrition.org/pipermail/vim/2007-January/001249.html
XF: http://xforce.iss.net/xforce/xfdb/31610