CVE-2004-1862 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xmb Forum	Xmb

Configuration 1 [-]

OR	cpe:2.3:a:xmb_forum:xmb:1.8_sp3:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.9_beta:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108032355905265&w=2
http://osvdb.org/14983
http://osvdb.org/14985
http://osvdb.org/14986
http://osvdb.org/14987
http://osvdb.org/14988
http://secunia.com/advisories/11230
http://www.securityfocus.com/bid/9983
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/15654

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2024-08-08T01:07:49.013Z

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-1862

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-03-26T05:00:00.000

Modified: 2021-04-29T15:15:09.413

Link: CVE-2004-1862

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-29T14:37:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "xmb-forum-multiple-xss(15654)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14988"}, {"name": "14985", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14985"}, {"name": "14983", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14983"}, {"name": "14987", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14987"}, {"name": "9983", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/14986"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1862", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "xmb-forum-multiple-xss(15654)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "refsource": "OSVDB", "url": "http://osvdb.org/14988"}, {"name": "14985", "refsource": "OSVDB", "url": "http://osvdb.org/14985"}, {"name": "14983", "refsource": "OSVDB", "url": "http://osvdb.org/14983"}, {"name": "14987", "refsource": "OSVDB", "url": "http://osvdb.org/14987"}, {"name": "9983", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "refsource": "OSVDB", "url": "http://osvdb.org/14986"}, {"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource": "MISC", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:07:49.013Z"}, "title": "CVE Program Container", "references": [{"name": "xmb-forum-multiple-xss(15654)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}, {"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 Partagium SP3 and 1.9 Nexus Beta]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"name": "11230", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11230"}, {"name": "14988", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14988"}, {"name": "14985", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14985"}, {"name": "14983", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14983"}, {"name": "14987", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14987"}, {"name": "9983", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9983"}, {"name": "14986", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/14986"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1862", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.013Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8_sp3:*:*:*:*:*:*:*", "matchCriteriaId": "DCB6F1E0-B54E-4D45-901C-9E2992C98BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.9_beta:*:*:*:*:*:*:*", "matchCriteriaId": "BC06BDA0-F6D1-4B0D-B807-40B5A3F36B52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php."}], "id": "CVE-2004-1862", "lastModified": "2021-04-29T15:15:09.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-26T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108032355905265&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14983"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14985"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14986"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14987"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/14988"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/11230"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9983"}, {"source": "cve@mitre.org", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15654"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "As noted in https://docs.xmbforum2.com/index.php?title=Security_Issue_History XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. All earlier versions of XMB are vulnerable until upgraded. Upgrades are available at https://www.xmbforum2.com/", "lastModified": "2020-09-09T10:03:51.437", "organization": "XMB"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}