Vulnerabilities > CVE-2004-2509 - Unspecified vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform id EDB-ID:24827 last seen 2016-02-03 modified 2004-12-13 published 2004-12-13 reporter dw. and ms. source https://www.exploit-db.com/download/24827/ title UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS description UBBCentral UBB.threads 6.2.3/6.5 calendar.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform id EDB-ID:24825 last seen 2016-02-03 modified 2004-12-13 published 2004-12-13 reporter dw. and ms. source https://www.exploit-db.com/download/24825/ title UBBCentral UBB.threads 6.2.3/6.5 calendar.php Cat Parameter XSS description UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS. CVE-2004-2509. Webapps exploit for php platform id EDB-ID:24826 last seen 2016-02-03 modified 2004-12-13 published 2004-12-13 reporter dw. and ms. source https://www.exploit-db.com/download/24826/ title UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS
Nessus
NASL family | CGI abuses : XSS |
NASL id | UBBTHREADS_XSS.NASL |
description | There are various cross-site scripting issues in the remote version of this software. An attacker may exploit them to use the remote website to inject arbitrary HTML and script code into a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15951 |
published | 2004-12-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15951 |
title | UBB.threads < 6.5.1 Multiple XSS |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html
- http://secunia.com/advisories/13452
- http://secunia.com/advisories/13452
- http://securitytracker.com/id?1012503
- http://securitytracker.com/id?1012503
- http://www.osvdb.org/12365
- http://www.osvdb.org/12365
- http://www.osvdb.org/12366
- http://www.osvdb.org/12366
- http://www.osvdb.org/12367
- http://www.osvdb.org/12367
- http://www.securityfocus.com/bid/11900
- http://www.securityfocus.com/bid/11900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18432
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18432