CVE-2004-1862 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01558.

Key SSVC decision points have not yet been added.

Vendors	Products
Xmb Forum	Xmb

Configuration 1 [-]

OR	cpe:2.3:a:xmb_forum:xmb:1.8_sp3:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.9_beta:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108032355905265&w=2
http://osvdb.org/14983
http://osvdb.org/14985
http://osvdb.org/14986
http://osvdb.org/14987
http://osvdb.org/14988
http://secunia.com/advisories/11230
http://www.securityfocus.com/bid/9983
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/15654

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2024-08-08T01:07:49.013Z

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-1862

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-03-26T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-1862

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-29T14:37:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "xmb-forum-multiple-xss(15654)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14988"}, {"name": "14985", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14985"}, {"name": "14983", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14983"}, {"name": "14987", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14987"}, {"name": "9983", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14986"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1862", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "xmb-forum-multiple-xss(15654)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "refsource": "OSVDB", "url": "http://osvdb.org/14988"}, {"name": "14985", "refsource": "OSVDB", "url": "http://osvdb.org/14985"}, {"name": "14983", "refsource": "OSVDB", "url": "http://osvdb.org/14983"}, {"name": "14987", "refsource": "OSVDB", "url": "http://osvdb.org/14987"}, {"name": "9983", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "refsource": "OSVDB", "url": "http://osvdb.org/14986"}, {"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource": "MISC", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:07:49.013Z"}, "title": "CVE Program Container", "references": [{"name": "xmb-forum-multiple-xss(15654)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14988"}, {"name": "14985", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14985"}, {"name": "14983", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14983"}, {"name": "14987", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14987"}, {"name": "9983", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14986"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1862", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.013Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8_sp3:*:*:*:*:*:*:*", "matchCriteriaId": "DCB6F1E0-B54E-4D45-901C-9E2992C98BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.9_beta:*:*:*:*:*:*:*", "matchCriteriaId": "BC06BDA0-F6D1-4B0D-B807-40B5A3F36B52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}], "id": "CVE-2004-1862", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-26T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14983"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14985"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14986"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14987"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14988"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/11230"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9983"}, {"source": "cve@mitre.org", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/14983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/14985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/14986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/14987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/14988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "As noted in https://docs.xmbforum2.com/index.php?title=Security_Issue_History XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. All earlier versions of XMB are vulnerable until upgraded. Upgrades are available at https://www.xmbforum2.com/", "lastModified": "2020-09-09T10:03:51.437", "organization": "XMB"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}