CVE-2004-1863
CVSS4.3
发布时间 :2004-12-31 00:00:00
修订时间 :2017-07-10 21:31:24
NMCO    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.


[CNNVD]XMB Forum多个漏洞( /多 t p漏l ajs">&npan>&npan>&npan>&npan>&npan>&npan>&nlitie也称为 XMB (aka extreme message 洞库e也称为beta (aka N存在>XMB F跨脚le=dcriporum。远程攻击者借助 HTameter in editpn" tia (1) the参le=,ameer in (2) ,a3).php, (3,和.ph, and (4)n" t.php, th参le=,和.5)ameter in pn" t任意参le=t" 入任意arb脚le=或者scri。pinf>

px; =" pre 7 heider_resize"> keywo "> /a> AVD AV /a> AV / / e"> keywdb_ic

keywpm_ cla已链pcvs- s_he (基础分值) / h2 "nowra <9 wiap">

keywpm_ we已链pcvs- CWE (WE:类目) h2 "nowra <9 wiap">

"d> <13%vss_he分值:ap">  "d> <2 wid(ME ap">  "d> <67wid[n" title="中]ap">  size"> "d>机密性影响:ap">  "d>NONE ap">  "d> <67wid[对系统t机密性无影响]ap">  size"> "d>完整性影响:ap">  "d>PARTIAL ap">  "d> <67wid[可能会导致系统件被="n改]ap">  size"> "d>可me" 影响:ap">  "d>NONE ap">  "d> <67wid[对系统可me" 无影响]ap">  size"> "d>攻击复杂度:ap">  "d>e="中 ap">  "d> <67wid[息安e="C在一定t访闳件]ap">  size"> "d>攻击向量:ap">  "d>NETWORK ap">  "d> <67wid[击者不需要获取内t访闳或le=地访闳]ap">  size"> "d>身份认证:ap">  "d>NONE ap">  "d> <67wid[息安e="无需身份认证]ap">  si
sizesi

keywpm_ pe已链pcvs- CPE (受影响t平台与产品) h2 "nowrakeyw pe <9 wiap">

all> "d>(  all> "d> <67wid[在Web页面生成ap"对输入t转义处理不恰id跨脚le=d]""> al4

pe:/a:xmb_frong:xmb:ge _aka ader">CVS \"62%\">4.3 pe:/a:xmb_frong:xmb:ge8_sp3ader">CVS \"62%\">4.3<

keywpm_ffficialron已链pcvs- 官方tle="OSB数 h2

未找到Red ha定义4.3<
"d> <87wid
  • CVE="targipt"_blankic>CVE)brr s(官方tle="O源) an tiap">  size"> "d>( CVE="targipt"_blankic>CVE)brr s(官方tle="O源) ">  size"> "d>( /多 t p漏l ajs"> /多 t p漏l ajs">="clr"> keyw="db_ic/script>
    ( &nBUGTRAQ pan>&najs0326 [waraxeve_id"SA#012 - ] ( &nBID pan>&n998E> ( shreexchange.xfroce.ibmcloudwww.ging (XSS) vulne/15654="targipt"_blankic>&nXF pan>&nxmb-frong-m]