CVE-2004-2497

Sažetak

Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Reference

http://secunia.com/advisories/12150
http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.html
http://www.osvdb.org/8264
http://www.securityfocus.com/bid/10818
https://exchange.xforce.ibmcloud.com/vulnerabilities/16822

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

31-12-2004 - 05:00