4.3

CVE-2004-0322

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xmb ForumXmb Version1.8
Xmb ForumXmb Version1.8_sp1
Xmb ForumXmb Version1.8_sp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.86% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
http://marc.info/?l=bugtraq&m=107756526625179&w=2
http://www.securityfocus.com/bid/9726
Patch
Vendor Advisory
Exploit
http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
https://exchange.xforce.ibmcloud.com/vulnerabilities/15292
https://exchange.xforce.ibmcloud.com/vulnerabilities/15294