Description
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23747
exploitdb
WORKING POC
VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23745
exploitdb
WORKING POC
VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23746
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15292
Various Sources x_refsource_misc
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15294
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9726
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html
Various Sources x_refsource_confirm
http://www.xmbforum.com/community/boards/viewthread.php?tid=746859
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107756526625179&w=2
Scores
EPSS
0.0105
EPSS Percentile
77.6%
Details
Status
published
Products (3)
xmb_forum/xmb
1.8
xmb_forum/xmb
1.8_sp1
xmb_forum/xmb
1.8_sp2
Published
Feb 23, 2004
Tracked Since
Feb 18, 2026