CVE-2004-1965 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.

Affected Software

Name	Vendor	Start Version	End Version
Openbb	Openbb	1.0.0_beta1 (including)	1.0.0_beta1 (including)
Openbb	Openbb	1.0.0_rc1 (including)	1.0.0_rc1 (including)
Openbb	Openbb	1.0.0_rc2 (including)	1.0.0_rc2 (including)
Openbb	Openbb	1.0.0_rc3 (including)	1.0.0_rc3 (including)
Openbb	Openbb	1.0.5 (including)	1.0.5 (including)
Openbb	Openbb	1.0.6 (including)	1.0.6 (including)
Openbb	Openbb	1.0.8 (including)	1.0.8 (including)

References

http://marc.info/?l=bugtraq\u0026m=108301983206107\u0026w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15966
http://marc.info/?l=bugtraq\u0026m=108301983206107\u0026w=2
http://secunia.com/advisories/11481
http://securitytracker.com/id?1009935
http://www.securityfocus.com/bid/10214
https://exchange.xforce.ibmcloud.com/vulnerabilities/15966

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1965
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html