CVE-2009-3204

Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
stivaforumstiva_forum
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/57177
http://osvdb.org/57178
http://packetstormsecurity.org/0908-exploits/stivaforum-xss.txt
http://secunia.com/advisories/36409
https://exchange.xforce.ibmcloud.com/vulnerabilities/52613
http://osvdb.org/57177
http://osvdb.org/57178
http://packetstormsecurity.org/0908-exploits/stivaforum-xss.txt
http://secunia.com/advisories/36409
https://exchange.xforce.ibmcloud.com/vulnerabilities/52613