webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the followup parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.22 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.32 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.31 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.21 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.11 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.33 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.20 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.12 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.0 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.30 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.2 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 5.0 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.10 |
| affordable_web_space_design | affordable_web_space_design_webbbs | 4.1 |
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| affordable_web_space_design | affordable_web_space_design_webbbs | * |