CVE-2004-2402 - OpenCVE

Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Yabb	Yabb

Configuration 1 [-]

OR	cpe:2.3:a:yabb:yabb:1.40:::::::*
	cpe:2.3:a:yabb:yabb:1.41:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:::::::*
	cpe:2.3:a:yabb:yabb:1_gold_release:::::::*
	cpe:2.3:a:yabb:yabb:2000-09-01:::::::*
	cpe:2.3:a:yabb:yabb:2000-09-11:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html	Exploit
http://secunia.com/advisories/12593	Exploit Vendor Advisory
http://www.osvdb.org/10242
http://www.securityfocus.com/bid/11215	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17452

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-17T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-08-17T00:00:00

Link: CVE-2004-2402

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:51.997

Link: CVE-2004-2402

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "12593", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12593"}, {"name": "10242", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10242"}, {"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"}, {"name": "yabb-board-xss(17452)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"}, {"name": "11215", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11215"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "12593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12593"}, {"name": "10242", "refsource": "OSVDB", "url": "http://www.osvdb.org/10242"}, {"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"}, {"name": "yabb-board-xss(17452)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"}, {"name": "11215", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11215"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2402", "datePublished": "2005-08-17T04:00:00", "dateReserved": "2005-08-17T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yabb:yabb:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "E45990B7-1AA5-450C-86B6-33653F332B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "183071C9-0D08-4A9C-8566-2F9E81742F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:*:*:*:*:*:*:*", "matchCriteriaId": "CE218CB1-11EE-4DE2-A556-8F3F9F624D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:*:*:*:*:*:*:*", "matchCriteriaId": "517253F6-2875-4D01-9F6D-903AFBD7B06D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:*:*:*:*:*:*:*", "matchCriteriaId": "29C236ED-4AD6-427F-B077-0E918FC47986", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D28B213-1BC7-4FB1-84B1-31A5EB87F886", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "962801EC-7330-47F9-9740-BC0A236F8954", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:1_gold_release:*:*:*:*:*:*:*", "matchCriteriaId": "4B543E73-5055-4233-9A4B-BDD53C386CD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:2000-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "5B8C55BC-81D8-46E2-A303-22D379E3CC65", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:2000-09-11:*:*:*:*:*:*:*", "matchCriteriaId": "3135BB83-CC1C-45F4-AB13-A93A17D89290", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."}], "id": "CVE-2004-2402", "lastModified": "2017-07-11T01:31:51.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/12593"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10242"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/11215"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}