18 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. • https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://forums.xmbforum2.com/viewthread.php?tid=777105 https://www.xmbforum2.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en XMB v1.5, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través del campo MSN durante el registro del usuario. • http://forum.antichat.ru/showpost.php?p=340740 https://docs.xmbforum2.com/index.php?title=Security_Issue_History • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23117 http://www.osvdb.org/23118 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24646 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23119 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1

post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action. • http://irannetjob.com/content/view/163/28 http://secunia.com/advisories/17642 http://www.securityfocus.com/archive/1/417078/30/0/threaded http://www.securityfocus.com/bid/15489 http://www.vupen.com/english/advisories/2005/2488 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •