CVE-2003-0375

Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://forums.xmbforum.com/viewthread.php?tid=773046
http://marc.info/?l=bugtraq&m=105363936402228&w=2
http://www.securityfocus.com/bid/7662
https://docs.xmbforum2.com/index.php?title=Security_Issue_History

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xmb_forum:xmb:1.6:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.8:::::::*
	cpe:2.3:a:xmb_forum:xmb:1.11:::::::*

History

No history.

Information

Published : 2003-06-16 04:00

Updated : 2021-04-29 15:15

NVD link : CVE-2003-0375

Mitre link : CVE-2003-0375

CVE.ORG link : CVE-2003-0375

JSON object : View

Products Affected

xmb_forum

xmb

CWE

NVD-CWE-Other

{"id": "CVE-2003-0375", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"url": "http://forums.xmbforum.com/viewthread.php?tid=773046", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105363936402228&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7662", "source": "cve@mitre.org"}, {"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the \"member\" parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en member.php de XMBforum XMB 1.8.x (Partagium) permite que atacantes remotos inserten HTML arbitrario y script web mediante el par\u00e1metro \"member\"."}], "lastModified": "2021-04-29T15:15:09.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmb_forum:xmb:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "117DF46A-A82C-4C96-8F03-01BDE72E971C"}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "368C1906-D897-46D8-A47E-D321311EE393"}, {"criteria": "cpe:2.3:a:xmb_forum:xmb:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFE2318F-803D-4461-8C0C-1A6A9D896D70"}], "operator": "OR"}]}], "vendorComments": [{"comment": "XMB versions 1.9.8 and later were checked and are not vulnerable. Upgrades are available at https://www.xmbforum2.com/", "lastModified": "2021-04-23T12:37:39.270", "organization": "XMB"}], "sourceIdentifier": "cve@mitre.org"}