Vulnerabilities > CVE-2004-2063 - Input Validation vulnerability in AntiBoard
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
| description | AntiBoard 0.6/0.7 antiboard.php feedback Parameter XSS. CVE-2004-2063. Webapps exploit for php platform |
| id | EDB-ID:24330 |
| last seen | 2016-02-02 |
| modified | 2004-07-28 |
| published | 2004-07-28 |
| reporter | Josh Gilmour |
| source | https://www.exploit-db.com/download/24330/ |
| title | AntiBoard 0.6/0.7 antiboard.php feedback Parameter XSS |
Nessus
| NASL family | CGI abuses |
| NASL id | ANTIBOARD_SQL_INJECTION.NASL |
| description | The remote host appears to be running the AntiBoard bulletin board system. There are multiple SQL injection vulnerabilities in the remote software that may allow an attacker to execute arbitrary SQL commands on the remote host, and possibly bypass the authentication mechanisms of AntiBoard. Note, AntiBoard is also affected by a cross-site scripting vulnerability, however Nessus has not tested this. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14187 |
| published | 2004-08-02 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14187 |
| title | AntiBoard antiboard.php Multiple Parameter SQL Injection |