CVE-2004-0322

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

Reference

http://www.securityfocus.com/bid/9726
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
http://marc.info/?l=bugtraq&m=107756526625179&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15294
https://exchange.xforce.ibmcloud.com/vulnerabilities/15292
https://docs.xmbforum2.com/index.php?title=Security_Issue_History

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-04-2021 - 15:15

Objavljeno

23-02-2004 - 05:00