CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2006-0778
https://notcve.org/view.php?id=CVE-2006-0778
19 Feb 2006 — Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2006-0779
https://notcve.org/view.php?id=CVE-2006-0779
19 Feb 2006 — Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 1CVE-2005-3688
https://notcve.org/view.php?id=CVE-2005-3688
19 Nov 2005 — Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2004-0323 – XMB Forum 1.8 - 'forumdisplay.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0323
18 Mar 2004 — Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. • https://www.exploit-db.com/exploits/23748 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 4CVE-2004-0322 – XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0322
23 Feb 2004 — Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. • https://www.exploit-db.com/exploits/23746 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0483 – XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0483
28 Jun 2003 — Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en XMB Forum 1.8 Partagium permite a atacantes remotos insertar script arbitrario mediante el parámetro member en member.php, o el parámetro action en buddy.php • https://www.exploit-db.com/exploits/22821 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2003-0375 – XMB Forum 1.8 - 'member.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0375
06 Jun 2003 — Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en member.php de XMBforum XMB 1.8.x (Partagium) permite que atacantes remotos inserten HTML arbitrario y script web mediante el parámetro "member". • https://www.exploit-db.com/exploits/22632 •