NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2004-1863

Summary	Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.
Publication Date	Dec. 31, 2004, 2 p.m.
Registration Date	Jan. 29, 2021, 6:01 p.m.
Last Update	April 30, 2021, 12:15 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:xmb_forum:xmb:1.8_sp3:::::::*
cpe:2.3:a:xmb_forum:xmb:1.9_beta:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/9983	BID
2	http://www.osvdb.org/14982	OSVDB
3	http://www.osvdb.org/14989	OSVDB
4	http://www.osvdb.org/14991	OSVDB
5	http://www.osvdb.org/16884	OSVDB
6	http://marc.info/?l=bugtraq&m=108032355905265&w=2	BUGTRAQ
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/15654	XF
8	https://docs.xmbforum2.com/index.php?title=Security_Issue_History	MISC

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html