Vulnerabilities > CVE-2004-0322 - Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
xmb-forum
exploit available
NVD
Published: 2004-02-23
Updated: 2021-04-29

Summary

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.

Vulnerable Configurations

Part Description Count
Application
Xmb_Forum
3

Exploit-Db

  • descriptionXMB Forum 1.8 editprofile.php user Parameter XSS. CVE-2004-0322. Webapps exploit for php platform
    idEDB-ID:23746
    last seen2016-02-02
    modified2004-02-23
    published2004-02-23
    reporterJanek Vind
    sourcehttps://www.exploit-db.com/download/23746/
    titleXMB Forum 1.8 editprofile.php user Parameter XSS
  • descriptionXMB Forum 1.8 BBcode align Tag XSS. CVE-2004-0322. Webapps exploit for php platform
    idEDB-ID:23747
    last seen2016-02-02
    modified2004-02-23
    published2004-02-23
    reporterJanek Vind
    sourcehttps://www.exploit-db.com/download/23747/
    titleXMB Forum 1.8 BBcode align Tag XSS
  • descriptionXMB Forum 1.8 u2uadmin.php uid Parameter XSS. CVE-2004-0322. Webapps exploit for php platform
    idEDB-ID:23745
    last seen2016-02-02
    modified2004-02-23
    published2004-02-23
    reporterJanek Vind
    sourcehttps://www.exploit-db.com/download/23745/
    titleXMB Forum 1.8 u2uadmin.php uid Parameter XSS

Statements

contributor
lastmodified2008-12-11
organizationXMB
statementXMB versions 1.9.8 SP2 and later were checked and are not vulnerable.

References