Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0322

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-0322
Last Modified 05 Sep 2008 04:38:07
Published 23 Feb 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0322

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

Vulnerable Systems

Application

  • Xmb Forum Xmb 1.8

  • Xmb Forum Xmb 1.8 Sp1

  • Xmb Forum Xmb 1.8 Sp2


References

XF - xmb-multiple-scripts-xss(15292)

BID - 9726

BUGTRAQ - 20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2

XF - xmb-bbcode-execute-code(15294)

CONFIRM - http://www.xmbforum.com/community/boards/viewthread.php?tid=746859

BUGTRAQ - 20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2


Last Updated: 27 May 2016 10:38:34