CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-29399
https://notcve.org/view.php?id=CVE-2021-29399
19 Apr 2021 — XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. • https://docs.xmbforum2.com/index.php?title=Security_Issue_History • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2005-3688
https://notcve.org/view.php?id=CVE-2005-3688
19 Nov 2005 — Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page. • http://irannetjob.com/content/view/163/28 •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2004-1860
https://notcve.org/view.php?id=CVE-2004-1860
31 Dec 2004 — Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. • http://marc.info/?l=bugtraq&m=108023281112510&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-1863
https://notcve.org/view.php?id=CVE-2004-1863
31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2004-1862
https://notcve.org/view.php?id=CVE-2004-1862
26 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2004-1864
https://notcve.org/view.php?id=CVE-2004-1864
26 Mar 2004 — SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. • http://marc.info/?l=bugtraq&m=108032355905265&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2003-0375 – XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0375
06 Jun 2003 — Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en member.php de XMBforum XMB 1.8.x (Partagium) permite que atacantes remotos inserten HTML arbitrario y script web mediante el parámetro "member". • https://www.exploit-db.com/exploits/22820 •