CVE-2021-29399 - OpenCVE

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xmbforum2	Xmb
Php	Php

Configuration 1 [-]

AND

cpe:2.3:a:xmbforum2:xmb:*:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:-:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:xmbforum2:xmb::::::::
	cpe:2.3:a:xmbforum2:xmb::::::::

OR	cpe:2.3:a:php:php:7.0.0:-::::::
	cpe:2.3:a:php:php:8.0.0:-::::::

References

Link	Resource
https://docs.xmbforum2.com/index.php?title=Security_Issue_History	Vendor Advisory
https://forums.xmbforum2.com/viewthread.php?tid=777105	Patch Vendor Advisory
https://www.xmbforum2.com/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-19T11:00:27

Updated: 2021-04-19T11:00:27

Reserved: 2021-03-29T00:00:00

Link: CVE-2021-29399

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-19T12:15:18.553

Modified: 2021-04-22T20:07:08.333

Link: CVE-2021-29399

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-19T11:00:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.xmbforum2.com/"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"tags": ["x_refsource_MISC"], "url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.xmbforum2.com/", "refsource": "MISC", "url": "https://www.xmbforum2.com/"}, {"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History", "refsource": "MISC", "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"name": "https://forums.xmbforum2.com/viewthread.php?tid=777105", "refsource": "MISC", "url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29399", "datePublished": "2021-04-19T11:00:27", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2021-04-19T11:00:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmbforum2:xmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5B563F5-9FB3-41A6-991F-606162F49915", "versionEndExcluding": "1.9.11.16", "versionStartIncluding": "1.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "8004A58C-C291-4489-A852-D3E07D82BD9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmbforum2:xmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A29A96-1A14-45F5-96C7-CB9764F40089", "versionEndExcluding": "1.9.11.16", "versionStartIncluding": "1.9.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmbforum2:xmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "76480995-DE4A-4404-BDCD-2627230077E2", "versionEndExcluding": "1.9.12.03", "versionStartIncluding": "1.9.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:7.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "E5C4C35D-F8FE-429F-8F6E-9178EAB21772", "vulnerable": false}, {"criteria": "cpe:2.3:a:php:php:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "6CC80B03-CD93-4B0F-91DC-21BCF9BA42C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16."}, {"lang": "es", "value": "XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. Todas las instalaciones de XMB deben ser actualizadas a las versiones 1.9.12.03 o 1.9.11.16"}], "id": "CVE-2021-29399", "lastModified": "2021-04-22T20:07:08.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-19T12:15:18.553", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.xmbforum2.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}