CVE-2004-2509
published 2004-12-31
CVE-2004-2509: Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers…
Priority P4 (17), medium, 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.23% (80.6th percentile)
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubbcentral | ubb.threads | — | — |
| ubbcentral | ubb.threads | — | — |
No detection rules found.
Exploit-DB
UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php?Cat' Cross-Site Scripting
exploitdb·2004-12-13
---
source: https://www.securityfocus.com/bid/11900/info
It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web pages.
These issues could permit a remote attacker to create malicious URI links that include hostile HTML and script code. If these links were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
These vulnerabilities are reported to e
Exploit-DB
UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php?Cat' Cross-Site Scripting
exploitdb·2004-12-13
---
source: https://www.securityfocus.com/bid/11900/info
Exploit-DB
UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting
exploitdb·2004-12-13
---
source: https://www.securityfocus.com/bid/11900/info
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html
http://secunia.com/advisories/13452
http://securitytracker.com/id?1012503
http://www.osvdb.org/12365
http://www.osvdb.org/12366
http://www.osvdb.org/12367
http://www.securityfocus.com/bid/11900
https://exchange.xforce.ibmcloud.com/vulnerabilities/18432
2004-12-31
Published