CVE-2007-1443 (CNNVD-200703-353)

MEDIUM
Chinese title:
Woltlab Burning Board (wBB)/Burning Board Lite register.php cross-site scripting vulnerability
English title:
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2...
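CVSS score: 4.3
Published: 2007-03-14 00:00:00
Vulnerability type: Cross-site scripting
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description (translated):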

Multiple cross-site scripting vulnerabilities exist in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e. Remote attackers can inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters.

English description:

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-party researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.

CWE type:
CWE-79
Tags:
(No data)
Affected products
Vendor | Product | Version | Version range | Platform | CPE
woltlab | burning_board | 2.3.6 | - | - | cpe:2.3:a:woltlab:burning_board:2.3.6:*:*:*:*:*:*:*
woltlab | burning_board_lite | 1.0.2_pl3e | - | - | cpe:2.3:a:woltlab:burning_board_lite:1.0.2_pl3e:*:*:*:*:*:*:*
Solutions
Chinese solution:
(No data)
English solution:
(No data)
Temporary workaround:
(No data)
Reference links
2424 third-party-advisory (cve.org)
24404 third-party-advisory (cve.org)
ADV-2007-0856 vdb-entry (cve.org)
20070302 Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day mailing-list (cve.org)
20070302 Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day mailing-list (cve.org)
24386 third-party-advisory (cve.org)
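CVSS score details
4.3
MEDIUM
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS version: 2.0
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
Time information
Published: 2007-03-14 00:00:00
Modified: 2024-08-07 12:59:08
Created: 2025-11-11 15:32:42
Updated: 2025-11-11 15:49:15
Exploit information
No exploit code information available
Data source details
Data source | Record ID | Version | Extraction time
CVE | cve_CVE-2007-1443 | 2025-11-11 15:17:50 | 2025-11-11 07:32:42
NVD | nvd_CVE-2007-1443 | 2025-11-11 14:52:09 | 2025-11-11 07:41:28
CNNVD | cnnvd_CNNVD-200703-353 | 2025-11-11 15:08:55 | 2025-11-11 07:49:15
Version and language
Current version: v3
Primary language: EN
Supported languages: EN ZH
Security advisories
No security advisory information available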
Change history
v3 CNNVD
2025-11-11 15:49:15
  • vulnerability_type: not extracted -> cross-site scripting
  • cnnvd_id: not extracted -> CNNVD-200703-353
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:28
  • cvss_score: not extracted -> 4.3
  • cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:N/I:P/A:N
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']