Vulnerability Description
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbb | Openbb | 1.0.0_beta1 |
References
- http://marc.info/?l=bugtraq&m=108301983206107&w=2
- http://secunia.com/advisories/11481Vendor Advisory
- http://securitytracker.com/id?1009935Vendor Advisory
- http://www.securityfocus.com/bid/10218Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15971
- http://marc.info/?l=bugtraq&m=108301983206107&w=2
- http://secunia.com/advisories/11481Vendor Advisory
- http://securitytracker.com/id?1009935Vendor Advisory
- http://www.securityfocus.com/bid/10218Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15971
FAQ
What is CVE-2004-1969?
CVE-2004-1969 is a vulnerability with a CVSS score of 7.5 (HIGH). The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
How severe is CVE-2004-1969?
CVE-2004-1969 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1969?
Check the references section above for vendor advisories and patch information. Affected products include: Openbb Openbb.