427bb: Security Vulnerabilities
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
CVSS Score: 7.5
EPSS Score: 0.127
Published: 2006-01-10
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.
CVSS Score: 7.5
EPSS Score: 0.011
Published: 2006-01-10
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary JavaScript via a new message with a url BBCode tag containing a javascript: URI.
CVSS Score: 4.3
EPSS Score: 0.007
Published: 2006-01-10
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
CVSS Score: 4.3
EPSS Score: 0.071
Published: 2005-03-01

