4 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23117 http://www.osvdb.org/23118 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24646 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23119 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 http://secunia.com/advisories/17642 http://securitytracker.com/id?1015237 http://www.securityfocus.com/archive/1/417078/30/0/threaded http://www.securityfocus.com/bid/15489 http://www.vupen.com/english/advisories/2005/2488 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2

Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en member.php de XMBforum XMB 1.8.x (Partagium) permite que atacantes remotos inserten HTML arbitrario y script web mediante el parámetro "member". • https://www.exploit-db.com/exploits/22632 https://www.exploit-db.com/exploits/22820 http://forums.xmbforum.com/viewthread.php?tid=773046 http://marc.info/?l=bugtraq&m=105363936402228&w=2 http://www.securityfocus.com/bid/7662 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •