Lucene search

[email protected]CVE-2005-3688

HistoryNov 19, 2005 - 1:03 a.m.

CVE-2005-3688

2005-11-1901:03:00

[email protected]

web.nvd.nist.gov

cross-site scripting

xss

vulnerability

xmb 1.9.3

remote attackers

injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the “Your Current Mood” field in the registration page.

Affected configurations

NVD

Node

xmb_forumxmbRange≤1.9.3

xmb_forumxmbMatch1.8_sp1

xmb_forumxmbMatch1.8_sp2

xmb_forumxmbMatch1.8_sp3

xmb_forumxmbMatch1.9.1

xmb_forumxmbMatch1.9.2

xmb_forumxmbMatch1.9_beta

CPENameOperatorVersion
xmb_forum:xmbxmb forum xmble1.9.3
xmb_forum:xmbxmb forum xmbeq1.8_sp1
xmb_forum:xmbxmb forum xmbeq1.8_sp2
xmb_forum:xmbxmb forum xmbeq1.8_sp3
xmb_forum:xmbxmb forum xmbeq1.9.1
xmb_forum:xmbxmb forum xmbeq1.9.2
xmb_forum:xmbxmb forum xmbeq1.9_beta

CPE	Name	Operator	Version
xmb_forum:xmb	xmb forum xmb	le	1.9.3
xmb_forum:xmb	xmb forum xmb	eq	1.8_sp1
xmb_forum:xmb	xmb forum xmb	eq	1.8_sp2
xmb_forum:xmb	xmb forum xmb	eq	1.8_sp3
xmb_forum:xmb	xmb forum xmb	eq	1.9.1
xmb_forum:xmb	xmb forum xmb	eq	1.9.2
xmb_forum:xmb	xmb forum xmb	eq	1.9_beta

References

irannetjob.com/content/view/163/28/

secunia.com/advisories/17642

securitytracker.com/id?1015237

www.securityfocus.com/archive/1/417078/30/0/threaded

www.securityfocus.com/bid/15489

www.vupen.com/english/advisories/2005/2488

docs.xmbforum2.com/index.php?title=Security_Issue_History

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2005-3688

nvd1 cvelist1