Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1863

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-1863
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1863

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.

Vulnerable Systems

Application

  • Xmb Forum Xmb 1.8 Sp3

  • Xmb Forum Xmb 1.9 Beta


References

XF - xmb-forum-multiple-xss(15654)

BID - 9983

OSVDB - 16884

OSVDB - 14991

OSVDB - 14989

OSVDB - 14982

BUGTRAQ - 20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]


Last Updated: 27 May 2016 10:39:13