Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1862

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-1862
Last Modified 05 Sep 2008 04:42:33
Published 26 Mar 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1862

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

Vulnerable Systems

Application

  • Xmb Forum Xmb 1.8 Sp3

  • Xmb Forum Xmb 1.9 Beta


References

XF - xmb-forum-multiple-xss(15654)

BID - 9983

BUGTRAQ - 20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]

SECUNIA - 11230

OSVDB - 14988

OSVDB - 14987

OSVDB - 14986

OSVDB - 14985

OSVDB - 14983


Last Updated: 27 May 2016 10:39:13