ID CVE-2003-1184
Summary Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
References
Vulnerable Configurations
  • cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*
    cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*
    cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 8959
confirm http://sourceforge.net/project/shownotes.php?release_id=195009
osvdb
  • 3077
  • 4825
  • 4826
  • 4827
  • 4828
  • 4829
secunia 10120
xf thwboard-multiple-fields-xss(13582)
Last major update 11-07-2017 - 01:29
Published 03-11-2003 - 05:00
Last modified 11-07-2017 - 01:29
Back to Top