CVE-2004-1863

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15654

https://docs.xmbforum2.com/index.php?title=Security_Issue_History

http://www.securityfocus.com/bid/9983

http://www.osvdb.org/16884

http://www.osvdb.org/14991

http://www.osvdb.org/14989

http://www.osvdb.org/14982

http://marc.info/?l=bugtraq&m=108032355905265&w=2

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium