{"api_version":"1","generated_at":"2026-05-30T22:42:12+00:00","cve":"CVE-2004-1716","urls":{"html":"https://cve.report/CVE-2004-1716","api":"https://cve.report/api/cve/CVE-2004-1716.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-1716","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-1716"},"summary":{"title":"CVE-2004-1716","description":"Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-08-16 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.kb.cert.org/vuls/id/674542","name":"http://www.kb.cert.org/vuls/id/674542","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","US Government Resource"],"title":"US-CERT Vulnerability Note VU#674542","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=109267937212298&w=2","name":"http://marc.info/?l=bugtraq&m=109267937212298&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'pscript.de PFORUM XSS Vulnerability' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/8985","name":"http://www.osvdb.org/8985","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/10954","name":"http://www.securityfocus.com/bid/10954","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"PScript PForum User Profile HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17003","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17003","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.pscript.de/news/index.php","name":"http://www.pscript.de/news/index.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Diese Domain wurde erfolgreich für den Höchstbieter der Auction registriert.","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/12317/","name":"http://secunia.com/advisories/12317/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"Secunia - Advisories - PSCRIPT Forum User Profile Script Insertion Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-1716","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-1716","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"1716","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"powie","cpe5":"pforum","cpe6":"1.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1716","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"powie","cpe5":"pforum","cpe6":"1.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:00:37.431Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"pforum-irc-aim-xss(17003)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17003"},{"name":"20040814 pscript.de PFORUM XSS Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=109267937212298&w=2"},{"name":"10954","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/10954"},{"name":"8985","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/8985"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.pscript.de/news/index.php"},{"name":"VU#674542","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/674542"},{"name":"12317","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/12317/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-08-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"pforum-irc-aim-xss(17003)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17003"},{"name":"20040814 pscript.de PFORUM XSS Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=109267937212298&w=2"},{"name":"10954","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/10954"},{"name":"8985","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/8985"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.pscript.de/news/index.php"},{"name":"VU#674542","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/674542"},{"name":"12317","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/12317/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-1716","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"pforum-irc-aim-xss(17003)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17003"},{"name":"20040814 pscript.de PFORUM XSS Vulnerability","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=109267937212298&w=2"},{"name":"10954","refsource":"BID","url":"http://www.securityfocus.com/bid/10954"},{"name":"8985","refsource":"OSVDB","url":"http://www.osvdb.org/8985"},{"name":"http://www.pscript.de/news/index.php","refsource":"CONFIRM","url":"http://www.pscript.de/news/index.php"},{"name":"VU#674542","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/674542"},{"name":"12317","refsource":"SECUNIA","url":"http://secunia.com/advisories/12317/"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-1716","datePublished":"2005-02-26T05:00:00.000Z","dateReserved":"2005-02-26T00:00:00.000Z","dateUpdated":"2024-08-08T01:00:37.431Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-08-16 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:powie:pforum:1.24:*:*:*:*:*:*:*","matchCriteriaId":"482C52B4-A029-4D00-8CA6-1D3225D8DE8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:powie:pforum:1.25:*:*:*:*:*:*:*","matchCriteriaId":"BC0DC717-9742-4852-9582-8E4EF0C361DD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"1716","Ordinal":"1","Title":"CVE-2004-1716","CVE":"CVE-2004-1716","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"1716","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.","Type":"Description","Title":"CVE-2004-1716"},{"CveYear":"2004","CveId":"1716","Ordinal":"2","NoteData":"2005-02-26","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"1716","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}