CVE-2011-0455

Thingslabo Things Bbs < 2.0.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

[Third Party Advisory] http://jvn.jp/en/jp/JVN20982938/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2011-000015

[Vendor Advisory] http://secunia.com/advisories/43524

[Patch] http://www.thingslabo.com/cgi/bbs/download.html

[Patch] http://www.thingslabo.com/cgi/bbs_thread/download.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65852

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46638

Scores

EPSS 0.0047

EPSS Percentile 64.6%

Classification

CWE

CWE-79

Status published

Affected Products (10)

thingslabo/things_bbs < 2.0.2

thingslabo/things_bbs

thingslabo/bbs_thread < 2.0.2

thingslabo/bbs_thread

n/a/n/a

Timeline

Published Mar 03, 2011

Tracked Since Feb 18, 2026