ThWboard up to 2.83 editprofile.php action cross site scripting

Summaryinfo

A vulnerability was found in ThWboard up to 2.83. It has been classified as problematic. Affected is an unknown function of the file editprofile.php. The manipulation of the argument action leads to cross site scripting. This vulnerability is traded as CVE-2005-4138. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in ThWboard up to 2.83 (Forum Software). This issue affects an unknown code block of the file editprofile.php. The manipulation of the argument action with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. Impacted is integrity. The summary by CVE is:

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.

The weakness was shared 12/09/2005 by trueend5 (Website). The advisory is shared at securityfocus.com. The identification of this vulnerability is CVE-2005-4138 since 12/09/2005. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue.

By approaching the search of inurl:editprofile.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 2.84 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 15763†). The entries VDB-27390, VDB-83353 and VDB-83354 are related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Forum Software

Name

• ThWboard

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.7
• 2.8
• 2.9
• 2.10
• 2.11
• 2.12
• 2.13
• 2.14
• 2.15
• 2.16
• 2.17
• 2.18
• 2.19
• 2.20
• 2.21
• 2.22
• 2.23
• 2.24
• 2.25
• 2.26
• 2.27
• 2.28
• 2.29
• 2.30
• 2.31
• 2.32
• 2.33
• 2.34
• 2.35
• 2.36
• 2.37
• 2.38
• 2.39
• 2.40
• 2.41
• 2.42
• 2.43
• 2.44
• 2.45
• 2.46
• 2.47
• 2.48
• 2.49
• 2.50
• 2.51
• 2.52
• 2.53
• 2.54
• 2.55
• 2.56
• 2.57
• 2.58
• 2.59
• 2.60
• 2.61
• 2.62
• 2.63
• 2.64
• 2.65
• 2.66
• 2.67
• 2.68
• 2.69
• 2.70
• 2.71
• 2.72
• 2.73
• 2.74
• 2.75
• 2.76
• 2.77
• 2.78
• 2.79
• 2.80
• 2.81
• 2.82
• 2.83

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion