CVE-2004-0322
XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-02-23 CVE Published
- 2004-02-23 First Exploit
- 2004-03-17 CVE Reserved
- 2024-08-08 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html | Mailing List | |
http://marc.info/?l=bugtraq&m=107756526625179&w=2 | Mailing List | |
http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 | X_refsource_confirm | |
https://docs.xmbforum2.com/index.php?title=Security_Issue_History | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15292 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15294 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/23746 | 2004-02-23 | |
https://www.exploit-db.com/exploits/23745 | 2004-02-23 | |
https://www.exploit-db.com/exploits/23747 | 2004-02-23 | |
http://www.securityfocus.com/bid/9726 | 2024-08-08 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xmb Forum Search vendor "Xmb Forum" | Xmb Search vendor "Xmb Forum" for product "Xmb" | 1.8 Search vendor "Xmb Forum" for product "Xmb" and version "1.8" | - |
Affected
| ||||||
Xmb Forum Search vendor "Xmb Forum" | Xmb Search vendor "Xmb Forum" for product "Xmb" | 1.8_sp1 Search vendor "Xmb Forum" for product "Xmb" and version "1.8_sp1" | - |
Affected
| ||||||
Xmb Forum Search vendor "Xmb Forum" | Xmb Search vendor "Xmb Forum" for product "Xmb" | 1.8_sp2 Search vendor "Xmb Forum" for product "Xmb" and version "1.8_sp2" | - |
Affected
|