CVE-2009-2217

NBBC <1.4.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.

References (6)

[Vendor Advisory] http://secunia.com/advisories/35520

[Patch] http://sourceforge.net/forum/message.php?msg_id=7455625

[Patch] http://sourceforge.net/forum/message.php?msg_id=7456208

[Patch] http://sourceforge.net/tracker/?func=detail&aid=2809888&group_id=235382&atid=1096820

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51288

[Third Party Advisory, VDB Entry] http://osvdb.org/55266

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status published

Affected Products (17)

phantom-inker/nbbc < 1.4.1

phantom-inker/nbbc

... and 2 more

Timeline

Published Jun 25, 2009

Tracked Since Feb 18, 2026