Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3688

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3688
Last Modified 07 Mar 2011 09:26:59
Published 18 Nov 2005 08:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3688

Summary

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page.

Vulnerable Systems

Application

  • Xmb Forum Xmb 1.8 Sp1

  • Xmb Forum Xmb 1.8 Sp2

  • Xmb Forum Xmb 1.8 Sp3

  • Xmb Forum Xmb 1.9 Beta

  • Xmb Forum Xmb 1.9.1

  • Xmb Forum Xmb 1.9.2

  • Xmb Forum Xmb 1.9.3


References

VUPEN - ADV-2005-2488

BID - 15489

BUGTRAQ - 20051117 [KAPDA::#13] - XMB HTML Injection & Path Disclosure.

SECTRACK - 1015237

SECUNIA - 17642

MISC - http://irannetjob.com/content/view/163/28/


Last Updated: 27 May 2016 10:41:00