CVE-2004-1863

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.

Reference

http://www.securityfocus.com/bid/9983
http://www.osvdb.org/14982
http://www.osvdb.org/14989
http://www.osvdb.org/14991
http://www.osvdb.org/16884
http://marc.info/?l=bugtraq&m=108032355905265&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15654
https://docs.xmbforum2.com/index.php?title=Security_Issue_History

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-04-2021 - 15:15

Objavljeno

31-12-2004 - 05:00