CVE-2004-1716 - Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arb

CVE-2004-1716

Summary

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.

References

http://marc.info/?l=bugtraq&m=109267937212298&w=2
http://secunia.com/advisories/12317/
http://www.kb.cert.org/vuls/id/674542
http://www.osvdb.org/8985
http://www.pscript.de/news/index.php
http://www.securityfocus.com/bid/10954
https://exchange.xforce.ibmcloud.com/vulnerabilities/17003

Vulnerable Configurations

cpe:2.3:a:powie:pforum:1.24:*:*:*:*:*:*:*
cpe:2.3:a:powie:pforum:1.24:*:*:*:*:*:*:*
cpe:2.3:a:powie:pforum:1.25:*:*:*:*:*:*:*
cpe:2.3:a:powie:pforum:1.25:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	10954
bugtraq	20040814 pscript.de PFORUM XSS Vulnerability
cert-vn	VU#674542
confirm	http://www.pscript.de/news/index.php
osvdb	8985
secunia	12317
xf	pforum-irc-aim-xss(17003)

Last major update

11-07-2017 - 01:31

Published

16-08-2004 - 04:00

Last modified

11-07-2017 - 01:31