Vulnerabilities > XMB Forum > XMB > 1.8.sp2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-0323 | Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2 Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. | 7.5 |
2004-02-23 | CVE-2004-0322 | Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2 Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. network xmb-forum | 4.3 |