CVE-2004-1871

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Reference

http://marc.info/?l=bugtraq&m=108057790723123&w=2
http://secunia.com/advisories/11241
http://securitytracker.com/id?1009571
http://www.gulftech.org/03282004.php
http://www.securityfocus.com/bid/9994
https://exchange.xforce.ibmcloud.com/vulnerabilities/15643

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

29-03-2004 - 05:00