CVE-2004-1640

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.

Reference

http://cyruxnet.org/modulo_dic_xoops.htm
http://marc.info/?l=bugtraq&m=109394077209963&w=2
http://secunia.com/advisories/12424
http://www.osvdb.org/9393
http://www.osvdb.org/9394
http://www.securityfocus.com/bid/11064
https://exchange.xforce.ibmcloud.com/vulnerabilities/17152
https://exchange.xforce.ibmcloud.com/vulnerabilities/17154

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

28-08-2004 - 04:00