VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 26, 2004· Updated Apr 16, 2026

CVE-2004-1862

CVE-2004-1862

Description

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.

Affected products

2
  • Xmb Forum/Xmb2 versions
    cpe:2.3:a:xmb_forum:xmb:1.8_sp3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xmb_forum:xmb:1.8_sp3:*:*:*:*:*:*:*
    • cpe:2.3:a:xmb_forum:xmb:1.9_beta:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.