CVE-2004-1862 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php (2) folder parameter to u2u.php (3) viewmost replymost or latest parameter to stats.php (4) message or icons parameter to post.php (5) threadlist pagelinks forumlist navigation or (6) forumdisplay parameter to forumdisplay.php.

Reference

http://marc.info/?l=bugtraq&m=108032355905265&w=2 http://osvdb.org/14983 http://osvdb.org/14985 http://osvdb.org/14986 http://osvdb.org/14987 http://osvdb.org/14988 http://secunia.com/advisories/11230 http://www.securityfocus.com/bid/9983 https://exchange.xforce.ibmcloud.com/vulnerabilities/15654