Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmb Forum | Xmb | 1.8_sp3 |
References
- http://marc.info/?l=bugtraq&m=108032355905265&w=2
- http://osvdb.org/14983
- http://osvdb.org/14985
- http://osvdb.org/14986
- http://osvdb.org/14987
- http://osvdb.org/14988
- http://secunia.com/advisories/11230
- http://www.securityfocus.com/bid/9983Vendor Advisory
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15654
- http://marc.info/?l=bugtraq&m=108032355905265&w=2
- http://osvdb.org/14983
- http://osvdb.org/14985
- http://osvdb.org/14986
- http://osvdb.org/14987
FAQ
What is CVE-2004-1862?
CVE-2004-1862 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xm...
How severe is CVE-2004-1862?
CVE-2004-1862 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1862?
Check the references section above for vendor advisories and patch information. Affected products include: Xmb Forum Xmb.