Unrated severityNVD Advisory· Published Apr 25, 2007· Updated Apr 23, 2026

CVE-2007-2235

Description

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.

Affected products

Punbb/Punbb
cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
Range: <=1.2.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24843nvdPatchVendor Advisory
dev.punbb.org/changeset/934nvd
dev.punbb.org/changeset/938nvd
securityreason.com/securityalert/2613nvd
www.acid-root.new.fr/advisories/13070411.txtnvd
www.securityfocus.com/archive/1/465338/100/100/threadednvd
www.securityfocus.com/archive/1/465400/100/100/threadednvd
www.vupen.com/english/advisories/2007/1362nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000