CVE-2004-1823

Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/9888	Exploit
http://www.securityfocus.com/bid/9889	Exploit
http://secunia.com/advisories/11142	Patch
http://www.osvdb.org/4310
http://www.osvdb.org/4311
http://securitytracker.com/id?1009440
http://marc.info/?l=bugtraq&m=107945556112453&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15495

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jelsoft:vbulletin:3.0.0:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1823

Mitre link : CVE-2004-1823

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

jelsoft

vbulletin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/9888", "name": "9888", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/9889", "name": "9889", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/11142", "name": "11142", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/4310", "name": "4310", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/4311", "name": "4311", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1009440", "name": "1009440", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=107945556112453&w=2", "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495", "name": "vbulletin-showthread-xss(15495)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1823", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}