CVE-2004-2509

Infopop UBB.Threads <6.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.

Exploits (3)

exploitdb WRITEUP VERIFIED

by dw. & ms. · textwebappsphp

https://www.exploit-db.com/exploits/24827

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by dw. & ms. · textwebappsphp

https://www.exploit-db.com/exploits/24826

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by dw. & ms. · textwebappsphp

https://www.exploit-db.com/exploits/24825

View Code ZIP pw:eip

References (8)

Core 8

Core References

Patch vdb-entry x_refsource_osvdb

http://www.osvdb.org/12366

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11900

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1012503

Patch vdb-entry x_refsource_osvdb

http://www.osvdb.org/12365

Patch vdb-entry x_refsource_osvdb

http://www.osvdb.org/12367

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13452

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18432

Scores

EPSS 0.0138

EPSS Percentile 80.4%

Details

Status published

Products (2)

ubbcentral/ubb.threads 6.2.3

ubbcentral/ubb.threads 6.5

Published Dec 31, 2004

Tracked Since Feb 18, 2026