MidnightBSD

Advisories for mibew

CVE-2012-0829 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
mibew mibew_messenger 1.5.2
mibew mibew_messenger 1.6.0
mibew mibew_messenger *
mibew mibew_messenger 1.4.0
mibew mibew_messenger 1.5.0
mibew mibew_messenger 1.6.2
mibew mibew_messenger 1.6.1
mibew mibew_messenger 1.4.1
mibew mibew_messenger 1.0.10
mibew mibew_messenger 1.4.2
mibew mibew_messenger 1.6.3
mibew mibew_messenger 1.0.6
mibew mibew_messenger 1.0.7
mibew mibew_messenger 1.5.1
mibew mibew_messenger 1.0.9
mibew mibew_messenger 1.0.8
CVE-2020-17476 MEDIUM

Mibew Messenger before 3.2.7 allows XSS via a crafted user name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mibew messenger *