PT-2009-5520 · Stiva · Stiva Forum

Published

2009-09-16

Updated

2017-08-17

CVE-2009-3204

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Stiva Forum version 1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the id parameter to "demo.php" and "forum.php", and the PATH INFO to "include forum.php".

Recommendations For Stiva Forum version 1.0, avoid using the id parameter in the "demo.php" and "forum.php" API endpoints until the issue is resolved. Restrict access to the "include forum.php" module to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-3204

Affected Products

Stiva Forum

PT-2009-5520 · Stiva · Stiva Forum

CVE-2009-3204

Weakness Enumeration

Related Identifiers

Affected Products

References · 6