CVE-2004-1827

Published: Mar 15, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.

Affected (3)

Products: Simple Machines: Simple Machines Smf · Yabb: Yabb

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Simple Machines Simple Machines Smf	Version 1.0_b
Yabb Yabb	Version 1.5.1
Yabb Yabb	Version 1_gold_-_sp_1.3

References (14)

http://marc.info/?l=bugtraq&m=107936800226430&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107948064923981&w=2

Source: cve@mitre.org

http://secunia.com/advisories/11128

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://securitytracker.com/id?1009427

Source: cve@mitre.org

http://www.securityfocus.com/bid/9873

Source: cve@mitre.org

PatchVendor Advisory

http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/15488

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107936800226430&w=2