CVE-2004-0322 - Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |

Summary
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
description | XMB Forum 1.8 editprofile.php user Parameter XSS. CVE-2004-0322. Webapps exploit for php platform |
id | EDB-ID:23746 |
last seen | 2016-02-02 |
modified | 2004-02-23 |
published | 2004-02-23 |
reporter | Janek Vind |
source | https://www.exploit-db.com/download/23746/ |
title | XMB Forum 1.8 editprofile.php user Parameter XSS |

description | XMB Forum 1.8 BBcode align Tag XSS. CVE-2004-0322. Webapps exploit for php platform |
id | EDB-ID:23747 |
last seen | 2016-02-02 |
modified | 2004-02-23 |
published | 2004-02-23 |
reporter | Janek Vind |
source | https://www.exploit-db.com/download/23747/ |
title | XMB Forum 1.8 BBcode align Tag XSS |

description | XMB Forum 1.8 u2uadmin.php uid Parameter XSS. CVE-2004-0322. Webapps exploit for php platform |
id | EDB-ID:23745 |
last seen | 2016-02-02 |
modified | 2004-02-23 |
published | 2004-02-23 |
reporter | Janek Vind |
source | https://www.exploit-db.com/download/23745/ |
title | XMB Forum 1.8 u2uadmin.php uid Parameter XSS |
Statements
contributor | |
lastmodified | 2008-12-11 |
organization | XMB |
statement | XMB versions 1.9.8 SP2 and later were checked and are not vulnerable. |
References
- http://www.securityfocus.com/bid/9726
- http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
- http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
- http://marc.info/?l=bugtraq&m=107756526625179&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15292
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History