CVE-2004-1967

HIGH

Openbb - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=108301983206107&w=2

[Broken Link, Exploit, Vendor Advisory] http://secunia.com/advisories/11481

[Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory] http://securitytracker.com/id?1009935

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15967

Scores

CVSS v3 8.8

EPSS 0.0127

EPSS Percentile 79.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status draft

Affected Products (1)

openbb/openbb

Timeline

Published Apr 25, 2004

Tracked Since Feb 18, 2026