CVE-2008-2066

Minibb - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

References (11)

[Third Party Advisory, VDB Entry] http://osvdb.org/95122

[Mailing List] http://seclists.org/fulldisclosure/2013/Jul/102

[Vendor Advisory] http://secunia.com/advisories/30004

[Various Sources] http://www.minibb.com/download.php?file=minibb_update

[Various Sources] http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html

[Exploit] http://www.securityfocus.com/bid/28957

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42076

[Various Sources] https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/491375/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61116

[Third Party Advisory] http://securityreason.com/securityalert/3846

Scores

EPSS 0.0063

EPSS Percentile 70.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

minibb/minibb

Timeline

Published May 02, 2008

Tracked Since Feb 18, 2026