Lucene search

[email protected]CVE-2004-0248

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0248

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0248

cross-site scripting

xss

phpx 3.2.3

remote attackers

arbitrary script

html injection

script injection

main.inc.php

help.inc.php

personal messages

forum

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum.

CPENameOperatorVersion
phpx:phpxphpxeq3.2.3

CPE	Name	Operator	Version
phpx:phpx	phpx	eq	3.2.3

References

marc.info/?l=bugtraq&m=107586932324901&w=2

secunia.com/advisories/10797/

www.securityfocus.com/bid/9569

exchange.xforce.ibmcloud.com/vulnerabilities/15050

exchange.xforce.ibmcloud.com/vulnerabilities/15051

7.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON