CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2006-0778
https://notcve.org/view.php?id=CVE-2006-0778
19 Feb 2006 — Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2006-0779
https://notcve.org/view.php?id=CVE-2006-0779
19 Feb 2006 — Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 1CVE-2005-3688
https://notcve.org/view.php?id=CVE-2005-3688
19 Nov 2005 — Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1863
https://notcve.org/view.php?id=CVE-2004-1863
31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2004-1860
https://notcve.org/view.php?id=CVE-2004-1860
31 Dec 2004 — Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. • http://marc.info/?l=bugtraq&m=108023281112510&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2004-1862
https://notcve.org/view.php?id=CVE-2004-1862
26 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1864
https://notcve.org/view.php?id=CVE-2004-1864
26 Mar 2004 — SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2004-0323 – XMB Forum 1.8 - 'forumdisplay.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0323
18 Mar 2004 — Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta. • https://www.exploit-db.com/exploits/23748 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 4CVE-2004-0322 – XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0322
23 Feb 2004 — Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. • https://www.exploit-db.com/exploits/23746 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0483 – XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0483
28 Jun 2003 — Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en XMB Forum 1.8 Partagium permite a atacantes remotos insertar script arbitrario mediante el parámetro member en member.php, o el parámetro action en buddy.php • https://www.exploit-db.com/exploits/22821 •