7 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23117 http://www.osvdb.org/23118 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24646 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23119 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 http://secunia.com/advisories/17642 http://securitytracker.com/id?1015237 http://www.securityfocus.com/archive/1/417078/30/0/threaded http://www.securityfocus.com/bid/15489 http://www.vupen.com/english/advisories/2005/2488 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. • https://www.exploit-db.com/exploits/23748 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 http://www.securityfocus.com/bid/9726 http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15295 •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. • https://www.exploit-db.com/exploits/23746 https://www.exploit-db.com/exploits/23745 https://www.exploit-db.com/exploits/23747 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 http://www.securityfocus.com/bid/9726 http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15292 https://ex •