CVE-2009-4894

Punbb < 1.3.3 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.

References (1)

Scores

EPSS 0.0026
EPSS Percentile 49.4%

Classification

CWE
CWE-79
Status published

Affected Products (42)

punbb/punbb < 1.3.3
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
punbb/punbb
... and 27 more

Timeline

Published Jun 15, 2010
Tracked Since Feb 18, 2026