CVE-2004-2063

Vulnerability

AntiBoard versions 0.7.2 and earlier are vulnerable to a reflected cross-site scripting (XSS) issue in antiboard.php. The feedback parameter is not properly sanitized before being returned to the user, allowing injection of arbitrary HTML or JavaScript. This affects the PHP-based bulletin board system [1][2].

Exploitation

An attacker can craft a malicious URL containing a feedback parameter with embedded script code. No authentication or special privileges are required; the victim only needs to visit the crafted link. The attack is performed via a simple HTTP GET request to antiboard.php [2].

Impact

Successful exploitation allows the attacker to execute arbitrary HTML and JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information. The attacker gains no server-side access but can perform actions on behalf of the victim within the application [1][2].

Mitigation

No official patch was released for this vulnerability. The software is likely end-of-life and no longer maintained. Users should consider migrating to an alternative bulletin board system or applying input validation filters as a workaround [1][2].