CVE-2003-0375
published 2003-06-16CVE-2003-0375: Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.54%
90.4th percentile
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmb_forum | xmb | — | — |
| xmb_forum | xmb | — | — |
| xmb_forum | xmb | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
exploitdb·2003-06-23
CVE-2003-0375 XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/8013/info
XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data.
An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user.
http://www.example.com/XMBforum/member.phpaction=viewpro&member=admin alert('XSS')
Exploit-DB
XMB Forum 1.8 - 'member.php' Cross-Site Scripting
exploitdb·2003-06-22
CVE-2003-0375 XMB Forum 1.8 - 'member.php' Cross-Site Scripting
XMB Forum 1.8 - 'member.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/7662/info
XMB Forum has been reported prone to a cross-site scripting vulnerability.
XMB Forum fails to adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to a specific XMB Forum script.
This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running XMB Forum.
Note that although this vulnerability has been reported to affect XMB Forum 1.8, previous versions might also be affected.
http://www.example.com/forum/member.php?action=viewpro&member=%3Cdiv%3E%3Cfont%20color=%22red%22%3EMarc%3C/font%3E%3Cscript%3Ealert(%22Rue
No writeups or analysis indexed.
http://forums.xmbforum.com/viewthread.php?tid=773046http://marc.info/?l=bugtraq&m=105363936402228&w=2http://www.securityfocus.com/bid/7662https://docs.xmbforum2.com/index.php?title=Security_Issue_Historyhttp://forums.xmbforum.com/viewthread.php?tid=773046http://marc.info/?l=bugtraq&m=105363936402228&w=2http://www.securityfocus.com/bid/7662https://docs.xmbforum2.com/index.php?title=Security_Issue_History
2003-06-16
Published