Vulnerabilities > CVE-2005-2004 - Cross-Site Scripting vulnerability in Ultimate PHP Board

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ultimate-php-board

nessus

NVD

Published: 2005-06-17

Updated: 2016-10-18

Summary

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.

Vulnerable Configurations

Part	Description	Count
Application	Ultimate_Php_Board Ultimate PHP Board Ultimate PHP Board 1.8 Ultimate PHP Board Ultimate PHP Board 1.8.2 Ultimate PHP Board Ultimate PHP Board 1.9 Ultimate PHP Board Ultimate PHP Board 1.9.6	4

Nessus

NASL family	CGI abuses : XSS
NASL id	UPB_XSS.NASL
description	The remote host is running Ultimate PHP Board (UPB). The remote version of this software is affected by several cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
last seen	2020-06-01
modified	2020-06-02
plugin id	19498
published	2005-08-24
reporter	Copyright (C) 2005-2018 Josh Zlatin-Amishav
source	https://www.tenable.com/plugins/nessus/19498
title	Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (2)

Summary

Vulnerable Configurations

Nessus

References