{"vuid":"VU#744590","idnumber":"744590","name":"Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'","keywords":["Board Power forum","cross-site scripting","action","icq.cgi"],"overview":"Board Power fails to filter malicious content provided in the URL, leading to a cross-site scripting vulnerability. Attackers who exploit this vulnerability may be able to execute arbitrary scripts.","clean_desc":"Board Power is a forum application available for multiple operating systems. There are reports of a cross-site scripting vulnerability in Board Power v2.04 PF. According to the reports, the application fails to filter malicious content passed into the \"action\" parameter of icq.cgi. Other versions of Board Power may also be affected.","impact":"If a site is compromised, sensitive information may be exposed, allowing an attacker to gather information such as passwords and credit card numbers. Information stored in cookies may also be stolen or corrupted.","resolution":"We are currently unaware of a practical solution to this problem. It appears that Board Power is no longer supported and has not been updated since 2000.","workarounds":"","sysaffected":"","thanks":"Thanks to Alexander Antipov for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.securityfocus.com/bid/10734","http://www.securitytracker.com/alerts/2004/Jul/1010708.html","http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0642.html","http://xforce.iss.net/xforce/xfdb/16698"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-07-19T17:00:22Z","publicdate":"2004-07-15T00:00:00Z","datefirstpublished":"2004-08-05T19:37:12Z","dateupdated":"2004-08-18T15:22:07Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"3","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"15","cam_scorecurrent":"3.796875","cam_scorecurrentwidelyknown":"3.796875","cam_scorecurrentwidelyknownexploited":"6.834375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.796875,"vulnote":null}