Basic search

K
cveCve@mitre.orgCVE-2004-0067
HistoryFeb 17, 2004 - 5:00 a.m.

CVE-2004-0067

2004-02-1705:00:00
CWE-79
cve@mitre.org
web.nvd.nist.gov
25
cve
2004
0067
xss
vulnerabilities
phpgedview
remote attackers
html
web script
descendancy.php
index.php
individual.php
login.php
relationship.php
source.php
imageview.php
calendar.php
gedrecord.php
gdbi_interface.php
nvd

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

87.9%

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

CPENameOperatorVersion
phpgedview:phpgedviewphpgedviewle2.65

References

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

87.9%