CVE-2005-3544
Published 2005-11-16
CVE-2005-3544: Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Priority P4 · 20 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.63% (90.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmb_forum | xmb | — | — |
No detection rules found.
Exploit-DB
XMB Forum 1.8/1.9 - 'u2u.php?Username' Cross-Site Scripting
exploitdb·2006-02-13
---
source: https://www.securityfocus.com/bid/16604/info
XMB Forum is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
Successful exploits of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
http://www.example.com/u2u.php?action=send&username=%22%3E%3Ciframe%3E
Exploit-DB
XMB Forum 1.9.3 - 'u2u.php' Cross-Site Scripting
exploitdb·2005-11-07
---
source: https://www.securityfocus.com/bid/15342/info
XMB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. A successful exploit could allow an attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/u2u.php?action=send&username=[code]
No writeups or analysis indexed.
http://secunia.com/advisories/17458
http://www.securityfocus.com/archive/1/415800/30/0/threaded
http://www.securityfocus.com/bid/15342
http://www.vupen.com/english/advisories/2005/2333
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
https://exchange.xforce.ibmcloud.com/vulnerabilities/22990
2005-11-16
Published