CVE Tools

punbb

Web & CMS Pluginsoss-project

32

Cumulative CVEs

14

Monthly snapshots

#13

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting punbb.

CVE-2011-3371Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) c...4.3Oct 2, 2011
CVE-2009-4894Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.4.3Jun 15, 2010
CVE-2010-0455Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.4.3Jan 28, 2010
CVE-2008-7241Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced ...6.8Sep 17, 2009
CVE-2008-6308Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pu...5.1Feb 27, 2009
CVE-2008-5435Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.4.3Dec 11, 2008
CVE-2008-5434Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/us...6.5Dec 11, 2008
CVE-2008-5433Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.4.3Dec 11, 2008
CVE-2008-3968Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.4.3Sep 10, 2008
CVE-2008-3336Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) mo...4.3Jul 27, 2008
CVE-2008-3335Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.10.0Jul 27, 2008
CVE-2008-1485Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.4.3Mar 24, 2008
CVE-2008-1484The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute fo...3.5Mar 24, 2008
CVE-2007-2236footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of...6.8Apr 25, 2007
CVE-2007-2235Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) ...4.3Apr 25, 2007