Vulners
Lucene search
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2004-1965 | 10 May 200504:00 | – | cve |
 | CVE-2004-1965 | 10 May 200504:00 | – | cvelist |
 | OpenBB < 1.0.6 - Multiple Vulnerabilities | 24 Apr 200400:00 | – | exploitdb |
 | EUVD-2004-1957 | 7 Oct 202500:30 | – | euvd |
 | OpenBB 1.0.6 - Multiple Vulnerabilities | 24 Apr 200400:00 | – | exploitpack |
 | CVE-2004-1965 | 25 Apr 200404:00 | – | nvd |
id: CVE-2004-1965
info:
name: Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
author: ctflearner
severity: medium
description: |
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
impact: |
Successful exploitation of these vulnerabilities could lead to unauthorized access, phishing attacks, and potential data theft.
remediation: |
Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities.
reference:
- https://www.exploit-db.com/exploits/24055
- https://nvd.nist.gov/vuln/detail/CVE-2004-1965
- http://marc.info/?l=bugtraq&m=108301983206107&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15966
- https://github.com/POORVAJA-195/Nuclei-Analysis-main
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2004-1965
cwe-id: NVD-CWE-Other
epss-score: 0.08037
epss-percentile: 0.94028
cpe: cpe:2.3:a:openbb:openbb:1.0.0_beta1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: openbb
product: openbb
tags: cve,cve2004,redirect,xss,openbb,vuln
http:
- method: GET
path:
- "{{BaseURL}}/index.php?redirect=http%3A%2F%2Fwww.interact.sh"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a0047304502201e7c00a81d4e09133997edda693e98424ecdbe5fd66904c8e733c76de828b986022100ad812b68038c6ab21c3fde9276521ff121e05044c05a817b01c02468a2a7b735:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
5Medium risk
Vulners AI Score5
CVSS 24.3
EPSS0.08037