This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mercuryboard First view 2005-03-23
Product Mercuryboard Message Board Last view 2008-02-13
Version 1.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:mercuryboard:mercuryboard_message_board

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2008-02-13 CVE-2008-0757

Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter (aka the message text area), which leads to an injection in the messenger during private message (PM) preview. NOTE: some of these details are obtained from third party information.
4.3 2005-03-23 CVE-2005-0878

Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-63 Simple Script Injection
CAPEC-73 User-Controlled Filename
CAPEC-81 Web Logs Tampering
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-104 Cross Zone Scripting

Open Source Vulnerability Database (OSVDB)

id Description
41479 MercuryBoard index.php message Parameter XSS
14936 MercuryBoard Private Message title Parameter XSS

OpenVAS Exploits

id Description
2005-11-03 Name : Multiple Vulnerabilities in MercuryBoard
File : nvt/mercuryboard_multiple_vuln.nasl