CVE-2004-1965
Published: 2004-04-25
Priority: P4 19 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 8.44% (94.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to index.php.
No detection rules found.
Exploit-DB
OpenBB 1.0.x - 'myhome.php?to' Cross-Site Scripting
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were f
Exploit-DB
OpenBB 1.0.x - 'index.php?redirect' Cross-Site Scripting
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link w
Exploit-DB
OpenBB 1.0.x - 'post.php?TID' Cross-Site Scripting
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were fo
Exploit-DB
OpenBB 1.0.x - 'member.php?redirect' Cross-Site Scripting
exploitdb·2004-04-26
---
source: https://www.securityfocus.com/bid/10214/info
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link
Exploit-DB
OpenBB < 1.0.6 - Multiple Vulnerabilities
exploitdb·2004-04-24·CVSS 4.3
OpenBB getrow();
$ftype = $query_type->field('type');
As we can see from this code, the $FID variable seems to get passed directly to the query without being validated, thus allowing an attacker to execute malicious queries. This is not the only vulnerable file, though. Below is a list of similarly vulnerable files.
/board.php?FID=1[SQL]
/member.php?action=list&page=1&sortorder=[SQL]
/member.php?action=list&page=1&sortorder=username&perpage=[SQL]
/member.php?action=passwdsend&resetid=blah&id=2[SQL]
/search.php?&sortby=dateline&sort=DESC&q=open&forums%5B[SQL]%5D
/post.php?action=edit&page=1&PID=1[SQL]
/post.php?action=post&FID=1[SQL]
These files are prone to similar attacks because they allow input that has not been validated to be executed in the query. This can be used for example
Nuclei
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
nuclei·CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to index.php.
Template:
id: CVE-2004-1965
info:
  name: Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
  author: ctflearner
  severity: medium
  description: |
    Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4)
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108301983206107&w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15966