CVE-2005-3688 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Your Current Mood field in the registration page.

Affected Software

Name	Vendor	Start Version	End Version
Xmb	Xmb_forum	*	1.9.3 (including)
Xmb	Xmb_forum	1.8_sp1 (including)	1.8_sp1 (including)
Xmb	Xmb_forum	1.8_sp2 (including)	1.8_sp2 (including)
Xmb	Xmb_forum	1.8_sp3 (including)	1.8_sp3 (including)
Xmb	Xmb_forum	1.9.1 (including)	1.9.1 (including)
Xmb	Xmb_forum	1.9.2 (including)	1.9.2 (including)
Xmb	Xmb_forum	1.9_beta (including)	1.9_beta (including)

References

http://irannetjob.com/content/view/163/28/
http://secunia.com/advisories/17642
http://securitytracker.com/id?1015237
http://www.securityfocus.com/archive/1/417078/30/0/threaded
http://www.securityfocus.com/bid/15489
http://www.vupen.com/english/advisories/2005/2488
https://docs.xmbforum2.com/index.php?title=Security_Issue_History
http://irannetjob.com/content/view/163/28/
http://secunia.com/advisories/17642
http://securitytracker.com/id?1015237
http://www.securityfocus.com/archive/1/417078/30/0/threaded
http://www.securityfocus.com/bid/15489
http://www.vupen.com/english/advisories/2005/2488
https://docs.xmbforum2.com/index.php?title=Security_Issue_History

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-3688
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html