Vulnerability Report

CVE-2013-5020

Title: Minibb Cross-Site Scripting (XSS)

XSS

Proof Of Concept

PoC Available for CVE-2013-5020

CWE Category CWE-79
Published Date Jul 31, 2013
Modified Date Apr 29, 2026
Exploit Status Available
Score 4.3 CVSS v2.0
Exploit Probability (EPSS)
0.98%

Vulnerability Summary

CVE-2013-5020: Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.

Impacted Vendors

M
minibb 1

Reference Links

http://osvdb.org/95122 http://seclists.org/fulldisclosure/2013/Jul/102 http://www.minibb.com/download.php?file=minibb_update http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html http://www.securityfocus.com/bid/61116 https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/ http://osvdb.org/95122 http://seclists.org/fulldisclosure/2013/Jul/102 http://www.minibb.com/download.php?file=minibb_update http://www.minibb.com/forums/news-9/minibb-3.0.1-released-stable-fixed-secured-dedicated-6059.html http://www.securityfocus.com/bid/61116 https://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-minibb/
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
4.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2013-5020 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/38639
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Stack

No specific products linked.