Page 3 of 14 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://www.osvdb.org/14982 http://www.osvdb.org/14989 http://www.osvdb.org/14991 http://www.osvdb.org/16884 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://securitytracker.com/id?1009561 http://www.osvdb.org/16886 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15655 •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://osvdb.org/14983 http://osvdb.org/14985 http://osvdb.org/14986 http://osvdb.org/14987 http://osvdb.org/14988 http://secunia.com/advisories/11230 http://www.securityfocus.com/bid/9983 https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/15654 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2

Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en member.php de XMBforum XMB 1.8.x (Partagium) permite que atacantes remotos inserten HTML arbitrario y script web mediante el parámetro "member". • https://www.exploit-db.com/exploits/22632 https://www.exploit-db.com/exploits/22820 http://forums.xmbforum.com/viewthread.php?tid=773046 http://marc.info/?l=bugtraq&m=105363936402228&w=2 http://www.securityfocus.com/bid/7662 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •