Lucene search

MitreCVE-2004-0322

HistoryMar 18, 2004 - 5:00 a.m.

CVE-2004-0322

2004-03-1805:00:00

mitre

web.nvd.nist.gov

xmb

1.8

final

sp2

xss

vulnerabilities

remote execution

script

users

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

Affected configurations

Nvd

Node

xmb_forumxmbMatch1.8

xmb_forumxmbMatch1.8_sp1

xmb_forumxmbMatch1.8_sp2

VendorProductVersionCPE
xmb_forumxmb1.8cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*
xmb_forumxmb1.8_sp1cpe:2.3:a:xmb_forum:xmb:1.8_sp1:*:*:*:*:*:*:*
xmb_forumxmb1.8_sp2cpe:2.3:a:xmb_forum:xmb:1.8_sp2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xmb_forum	xmb	1.8	cpe:2.3:a:xmb_forum:xmb:1.8:::::::*
xmb_forum	xmb	1.8_sp1	cpe:2.3:a:xmb_forum:xmb:1.8_sp1:::::::*
xmb_forum	xmb	1.8_sp2	cpe:2.3:a:xmb_forum:xmb:1.8_sp2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2004-02/0645.html

marc.info/?l=bugtraq&m=107756526625179&w=2

www.securityfocus.com/bid/9726

www.xmbforum.com/community/boards/viewthread.php?tid=746859

docs.xmbforum2.com/index.php?title=Security_Issue_History

exchange.xforce.ibmcloud.com/vulnerabilities/15292

exchange.xforce.ibmcloud.com/vulnerabilities/15294

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

Related for CVE-2004-0322