Vulnerabilities > CVE-2004-2063 - Unspecified vulnerability in Antiboard

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
antiboard
nessus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.

Exploit-Db

descriptionAntiBoard 0.6/0.7 antiboard.php feedback Parameter XSS. CVE-2004-2063. Webapps exploit for php platform
idEDB-ID:24330
last seen2016-02-02
modified2004-07-28
published2004-07-28
reporterJosh Gilmour
sourcehttps://www.exploit-db.com/download/24330/
titleAntiBoard 0.6/0.7 antiboard.php feedback Parameter XSS

Nessus

NASL familyCGI abuses
NASL idANTIBOARD_SQL_INJECTION.NASL
descriptionThe remote host appears to be running the AntiBoard bulletin board system. There are multiple SQL injection vulnerabilities in the remote software that may allow an attacker to execute arbitrary SQL commands on the remote host, and possibly bypass the authentication mechanisms of AntiBoard. Note, AntiBoard is also affected by a cross-site scripting vulnerability, however Nessus has not tested this.
last seen2020-06-01
modified2020-06-02
plugin id14187
published2004-08-02
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14187
titleAntiBoard antiboard.php Multiple Parameter SQL Injection