InfopopCVEs & Vulnerabilities

9 CVEs affecting Infopop products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ultimate bulletin board 94opentopic 1
CVE-2022-25091MEDIUM

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.

28 Apr 2023
5.3
CVSS
CVE-2005-1199HIGHpoc

SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.

2 May 2005
7.5
CVSS
CVE-2003-1278MEDIUMpoc

Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.

31 Dec 2003
4.3
CVSS
CVE-2003-0587MEDIUM

Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.

18 Aug 2003
6.9
CVSS
CVE-2002-0223HIGH

Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.

16 May 2002
7.5
CVSS
CVE-2002-0118HIGHpoc

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

25 Mar 2002
7.5
CVSS
CVE-2001-0897MEDIUM

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

15 Nov 2001
5.0
CVSS
CVE-2000-0141CRITICAL

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

11 Feb 2000
10.0
CVSS
CVE-1999-0854MEDIUM

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

1 Nov 1999
5.0
CVSS
← PrevPage 1 / 1Next →