RSS   Podatności dla 'XMB'   RSS

2009-07-05
 
CVE-2007-6728

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.

 
2006-02-18
 
CVE-2006-0779

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.

 
 
CVE-2006-0778

CWE-Other
 

 
Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.

 
2005-11-18
 
CVE-2005-3689

CWE-Other
 

 
post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action.

 
 
CVE-2005-3688

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page.

 
2005-11-16
 
CVE-2005-3544

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

 
2005-08-16
 
CVE-2005-2575

 

 
SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.

 
 
CVE-2005-2574

 

 
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].

 
2005-05-02
 
CVE-2005-0885

 

 
Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.

 
2004-03-26
 
CVE-2004-1864

 

 
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top