CVE-2021-29399
https://notcve.org/view.php?id=CVE-2021-29399
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. • https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://forums.xmbforum2.com/viewthread.php?tid=777105 https://www.xmbforum2.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-0778
https://notcve.org/view.php?id=CVE-2006-0778
Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. • http://secunia.com/advisories/18821 http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23117 http://www.osvdb.org/23118 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24646 •
CVE-2006-0779
https://notcve.org/view.php?id=CVE-2006-0779
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. • http://www.gulftech.org/?node=research&article_id=00100-02122006 http://www.osvdb.org/23119 http://www.securityfocus.com/archive/1/425084/100/0/threaded http://www.securityfocus.com/bid/16604 http://www.vupen.com/english/advisories/2006/0529 http://www.xmbforum.com https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://exchange.xforce.ibmcloud.com/vulnerabilities/24647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-3688
https://notcve.org/view.php?id=CVE-2005-3688
Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 http://secunia.com/advisories/17642 http://securitytracker.com/id?1015237 http://www.securityfocus.com/archive/1/417078/30/0/threaded http://www.securityfocus.com/bid/15489 http://www.vupen.com/english/advisories/2005/2488 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •
CVE-2005-2574
https://notcve.org/view.php?id=CVE-2005-2574
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR]. • http://forums.xmbforum.com/viewthread.php?tid=754523 http://marc.info/?l=bugtraq&m=112361545228809&w=2 https://docs.xmbforum2.com/index.php?title=Security_Issue_History •