Lucene search

[email protected]CVE-2004-1862

HistoryMar 26, 2004 - 5:00 a.m.

CVE-2004-1862

2004-03-2605:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

1862

xss

vulnerabilities

extreme messageboard

xmb

remote attackers

web script

html

injection

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

CPENameOperatorVersion
xmb_forum:xmbxmb forum xmbeq1.9_beta
xmb_forum:xmbxmb forum xmbeq1.8_sp3

CPE	Name	Operator	Version
xmb_forum:xmb	xmb forum xmb	eq	1.9_beta
xmb_forum:xmb	xmb forum xmb	eq	1.8_sp3

References

marc.info/?l=bugtraq&m=108032355905265&w=2

osvdb.org/14983

osvdb.org/14985

osvdb.org/14986

osvdb.org/14987

osvdb.org/14988

secunia.com/advisories/11230

www.securityfocus.com/bid/9983

docs.xmbforum2.com/index.php?title=Security_Issue_History

exchange.xforce.ibmcloud.com/vulnerabilities/15654

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.9%

JSON