Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmb Forum | Xmb | 1.8_sp3 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=108032355905265&w=2
- http://www.osvdb.org/14982
- http://www.osvdb.org/14989
- http://www.osvdb.org/14991
- http://www.osvdb.org/16884
- http://www.securityfocus.com/bid/9983
- https://docs.xmbforum2.com/index.php?title=Security_Issue_History
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15654
FAQ
What is CVE-2004-1863?
CVE-2004-1863 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader par...
How severe is CVE-2004-1863?
CVE-2004-1863 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1863?
Check the references section above for vendor advisories and patch information. Affected products include: Xmb Forum Xmb.