Home > Vulnerability Database > CVE-2011-3371

Mend.io Vulnerability Database

CVE-2011-3371

Date: October 2, 2011

Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.

Language: PHP

Severity Score

3.7

Related Resources (12)

Url: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html

Url: http://www.openwall.com/lists/oss-security/2011/09/18/1

Url: http://punbb.informer.com/forums/topic/24430/punbb-136/

Url: https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d

Url: http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/

Url: http://securitytracker.com/id?1026073

Url: http://www.openwall.com/lists/oss-security/2011/09/22/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-3371

Url: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html

Url: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html

Url: https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip

Url: https://www.mend.io/vulnerability-database/CVE-2011-3371

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-3371

Date: October 2, 2011

Language: PHP

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?