CVE-2011-0455

Published Mar 3, 2011

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:thingslabo:things_bbs:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94AFD83D-5317-4E18-B439-474EE60C81E3",
            "versionEndIncluding": "2.0.2"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:things_bbs:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "622E72C6-AAFC-4749-93F0-A4445869636A"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:things_bbs:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEB82FE-E318-4BD3-9C4E-F3E0479D2427"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:things_bbs:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B3A26E0-B6C1-4B5C-B84E-A19D79688EA4"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:things_bbs:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C99159C-9758-476F-A053-BD6424D6E90A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:thingslabo:bbs_thread:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91DC6F3F-6098-4999-8CE6-B35FCE5D21F6",
            "versionEndIncluding": "2.0.2"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:bbs_thread:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178570D4-18B4-4DED-95EB-CA2978CC91ED"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:bbs_thread:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB248DE9-FFB9-4362-8D5D-55431CB1263A"
          },
          {
            "criteria": "cpe:2.3:a:thingslabo:bbs_thread:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "872C1B73-85B6-4D37-B3D1-A0926CC2E1A7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References