CVE-2003-0493

Snitz Forums 3.4.03 and earlier are affected by an authentication vulnerability where an attacker can gain privileges as another user by stealing and replaying the encrypted password after obtaining a valid session ID. The available sources (NVD entry for CVE-2003-0493 and related records) descri...

CVE-2003-0492

The CVE-2003-0492 entry concerns Snitz Forums (3.4.03 and earlier) with a Cross-site Scripting (XSS) vulnerability in search.asp. The issue allows remote attackers to execute arbitrary web script by supplying a crafted value to the Search parameter. Multiple connected sources corroborate an XSS s...

CVE-2003-0494

CVE-2003-0494 affects Snitz Forums 3.4.03 and earlier. The vulnerability is in password.asp: a remote attacker can reset passwords and gain privileges as other users by sending a direct request with a modified member id. Root cause appears to be parameter tampering on the member identifier, enabl...

Snitz Forums 2000 3.4.03 - 'search.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7922/info Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. Exploitation may allow theft of cookie-based authentication credentials or other attacks...