Detections
Analytics

CVE-2004-1862

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15654

https://docs.xmbforum2.com/index.php?title=Security_Issue_History

http://www.securityfocus.com/bid/9983

http://secunia.com/advisories/11230

http://osvdb.org/14988

http://osvdb.org/14987

http://osvdb.org/14986

http://osvdb.org/14985

http://osvdb.org/14983

http://marc.info/?l=bugtraq&m=108032355905265&w=2

Details

Source: Mitre, NVD

Published: 2004-03-26

Updated: 2021-04-29

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium