Page 2 of 11 results (0.015 seconds)

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://osvdb.org/14983 http://osvdb.org/14985 http://osvdb.org/14986 http://osvdb.org/14987 http://osvdb.org/14988 http://secunia.com/advisories/11230 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://securitytracker.com/id?1009561 http://www.osvdb.org/16886 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15655 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. • https://www.exploit-db.com/exploits/23748 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 http://www.securityfocus.com/bid/9726 http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15295 •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. • https://www.exploit-db.com/exploits/23746 https://www.exploit-db.com/exploits/23745 https://www.exploit-db.com/exploits/23747 http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html http://marc.info/?l=bugtraq&m=107756526625179&w=2 http://www.securityfocus.com/bid/9726 http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15292 https://ex •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en XMB Forum 1.8 Partagium permite a atacantes remotos insertar script arbitrario mediante el parámetro member en member.php, o el parámetro action en buddy.php • https://www.exploit-db.com/exploits/22821 http://marc.info/?l=bugtraq&m=105638720409307&w=2 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •