{"api_version":"1","generated_at":"2026-06-20T15:11:18+00:00","cve":"CVE-2005-0216","urls":{"html":"https://cve.report/CVE-2005-0216","api":"https://cve.report/api/cve/CVE-2005-0216.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-0216","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-0216"},"summary":{"title":"CVE-2005-0216","description":"Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-05-02 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/12199","name":"http://www.securityfocus.com/bid/12199","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"WoltLab Burning Board Lite Form Mail Script Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=110537385427004&w=2","name":"http://marc.info/?l=bugtraq&m=110537385427004&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Security Advisory: Woltlab Burning Board Lite formmail.php XSS' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/13782","name":"http://secunia.com/advisories/13782","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - WoltLab Burning Board Lite \"userid\" Cross-Site Scripting","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18814","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18814","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-0216","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0216","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"216","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"burning_board_lite","cpe6":"1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"216","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"burning_board_lite","cpe6":"1.0.1e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:05:25.059Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"13782","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/13782"},{"name":"20050108 Security Advisory: Woltlab Burning Board Lite formmail.php XSS","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=110537385427004&w=2"},{"name":"12199","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/12199"},{"name":"wbb-formmail-userid-xss(18814)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18814"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-01-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-11T16:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"13782","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/13782"},{"name":"20050108 Security Advisory: Woltlab Burning Board Lite formmail.php XSS","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=110537385427004&w=2"},{"name":"12199","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/12199"},{"name":"wbb-formmail-userid-xss(18814)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18814"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-0216","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"13782","refsource":"SECUNIA","url":"http://secunia.com/advisories/13782"},{"name":"20050108 Security Advisory: Woltlab Burning Board Lite formmail.php XSS","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=110537385427004&w=2"},{"name":"12199","refsource":"BID","url":"http://www.securityfocus.com/bid/12199"},{"name":"wbb-formmail-userid-xss(18814)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18814"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-0216","datePublished":"2005-02-06T05:00:00.000Z","dateReserved":"2005-02-01T00:00:00.000Z","dateUpdated":"2024-08-07T21:05:25.059Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-05-02 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:woltlab:burning_board_lite:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"19FEBFAB-8F11-4592-BCC8-C54B6ADE783D"},{"vulnerable":false,"criteria":"cpe:2.3:a:woltlab:burning_board_lite:1.0.1e:*:*:*:*:*:*:*","matchCriteriaId":"E35CFD5C-42EB-4D74-887A-30118A0A7D1C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"216","Ordinal":"1","Title":"CVE-2005-0216","CVE":"CVE-2005-0216","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"216","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.","Type":"Description","Title":"CVE-2005-0216"},{"CveYear":"2005","CveId":"216","Ordinal":"2","NoteData":"2005-02-06","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"216","Ordinal":"3","NoteData":"2017-07-11","Type":"Other","Title":"Modified"}]}}}