CVE-2004-0322

Name of the Vulnerable Software and Affected Versions XMB version 1.8 Final SP2

Description The issue allows remote attackers to execute arbitrary script as other users. This can be achieved through various means, including the member parameter in "member.php", the uid parameter in "u2uadmin.php", the user parameter in "editprofile.php", an onmouseover event in an align tag when bbcode is allowed, or an img tag where bbcode is allowed.

Recommendations For XMB version 1.8 Final SP2, consider disabling the execution of scripts in the mentioned parameters and tags until a patch is available. Restrict access to the "member.php", "u2uadmin.php", and "editprofile.php" files to minimize the risk of exploitation. Avoid using the member, uid, and user parameters in the affected files, and disable the use of onmouseover events in align tags and img tags when bbcode is allowed.