CVE-2004-2509
UBB.threads 6.2.3 and 6.5 - Cross-Site Scripting via Cat Parameter
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2004-2509. PoCs published by dw. & ms..
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in UBB.threads versions 6.2.3 and 6.5, where user-supplied URI input is not properly sanitized. The example URI demonstrates how an attacker could inject malicious script code via the 'Cat' parameter.
Description
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in UBB.threads versions 6.2.3 and 6.5, where user-supplied URI input is not properly sanitized. The example URI demonstrates how an attacker could inject malicious script code via the 'Cat' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in UBB.threads versions 6.2.3 and 6.5, where user-supplied URI input is not properly sanitized, allowing remote attackers to inject malicious HTML or script code.
The provided text describes a cross-site scripting (XSS) vulnerability in UBB.threads versions 6.2.3 and 6.5, where user-supplied URI input is not properly sanitized. The vulnerability allows remote attackers to inject malicious HTML or script code via crafted links.