Lucene search

[email protected]CVE-2004-1969

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1969

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

openbb

1.0.6

remote execution

arbitrary script

avatar upload

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.

Affected configurations

NVD

Node

openbbopenbbMatch1.0.0_beta1

openbbopenbbMatch1.0.0_rc1

openbbopenbbMatch1.0.0_rc2

openbbopenbbMatch1.0.0_rc3

openbbopenbbMatch1.0.5

openbbopenbbMatch1.0.6

References

marc.info/?l=bugtraq&m=108301983206107&w=2

secunia.com/advisories/11481

securitytracker.com/id?1009935

www.securityfocus.com/bid/10218

exchange.xforce.ibmcloud.com/vulnerabilities/15971

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2004-1969

cvelist1 nvd1