CVE-2005-2004

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.

Published: Jun 17, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2004
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ultimate_php_board / ultimate_php_board	1.9.6	1.9.6.x
ultimate_php_board / ultimate_php_board	1.8	1.8.x
ultimate_php_board / ultimate_php_board	1.8.2	1.8.2.x
ultimate_php_board / ultimate_php_board	1.9	1.9.x

http://marc.info/?l=bugtraq&m=111893777504821&w=2
http://secunia.com/advisories/15732

Vulnerability Database

289,697

CVE-2005-2004