CVE-2004-2484

Sažetak

Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.

Reference

http://cvs.sourceforge.net/viewcvs.py/phpgiftreg/src/event.php?r1=1.4&r2=1.5
http://cvs.sourceforge.net/viewcvs.py/phpgiftreg/src/index.php?r1=1.20&r2=1.21
http://secunia.com/advisories/13414
http://sourceforge.net/project/shownotes.php?release_id=288731
http://www.osvdb.org/12286
http://www.osvdb.org/12287
http://www.securityfocus.com/bid/11879
https://exchange.xforce.ibmcloud.com/vulnerabilities/18412

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

31-12-2004 - 05:00