CVE-2004-2509 - Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform |
id | EDB-ID:24827 |
last seen | 2016-02-03 |
modified | 2004-12-13 |
published | 2004-12-13 |
reporter | dw. and ms. |
source | https://www.exploit-db.com/download/24827/ |
title | UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS |

description | UBBCentral UBB.threads 6.2.3/6.5 calendar.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform |
id | EDB-ID:24825 |
last seen | 2016-02-03 |
modified | 2004-12-13 |
published | 2004-12-13 |
reporter | dw. and ms. |
source | https://www.exploit-db.com/download/24825/ |
title | UBBCentral UBB.threads 6.2.3/6.5 calendar.php Cat Parameter XSS |

description | UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform |
id | EDB-ID:24826 |
last seen | 2016-02-03 |
modified | 2004-12-13 |
published | 2004-12-13 |
reporter | dw. and ms. |
source | https://www.exploit-db.com/download/24826/ |
title | UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS |
Nessus
NASL family | CGI abuses : XSS |
NASL id | UBBTHREADS_XSS.NASL |
description | There are various cross-site scripting issues in the remote version of this software. An attacker may exploit them to use the remote website to inject arbitrary HTML and script code into a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15951 |
published | 2004-12-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15951 |
title | UBB.threads < 6.5.1 Multiple XSS |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html
- http://secunia.com/advisories/13452
- http://securitytracker.com/id?1012503
- http://www.osvdb.org/12365
- http://www.osvdb.org/12366
- http://www.osvdb.org/12367
- http://www.securityfocus.com/bid/11900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18432