ID: CVE-2004-0271 | Type: cve | Reporter: NVD | Modified: 2017-07-10T21:30:01
Description
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
{"id": "CVE-2004-0271", "bulletinFamily": "NVD", "title": "CVE-2004-0271", "description": "Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.", "published": "2004-11-23T00:00:00", "modified": "2017-07-10T21:30:01", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0271", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/9625", "http://marc.info/?l=bugtraq&m=107643014606515&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15122", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15120"], "cvelist": ["CVE-2004-0271"], "type": "cve", "lastseen": "2017-07-11T11:14:24", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:maxwebportal:maxwebportal:1.30", "cpe:/a:maxwebportal:maxwebportal:1.31"], "cvelist": ["CVE-2004-0271"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.", "edition": 2, "enchantments": {}, "hash": "e69eaed18e9acb3dc8f5713e84251ce3716edc958ebb34323433bf9382d55224", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "8af2c74b2dc6393aa830ea283dfea2a6", "key": "references"}, {"hash": 
"68884980db831870498f354201ddccfc", "key": "cpe"}, {"hash": "7383a47c1f93b4f770dee0a66253c456", "key": "modified"}, {"hash": "1650d8f10c56620cfcd85923de1847f3", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e87ac4262fdc6165d582a998a7bbfdb9", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b1fbccf3745faf628988051136c65e03", "key": "href"}, {"hash": "32c4252f769304d237931314fc8b6a60", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5eed8c546520347e0bed2feccb51dffe", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0271", "id": "CVE-2004-0271", "lastseen": "2017-04-18T15:50:13", "modified": "2016-10-17T22:42:51", "objectVersion": "1.2", "published": "2004-11-23T00:00:00", "references": ["http://www.securityfocus.com/bid/9625", "http://xforce.iss.net/xforce/xfdb/15120", "http://marc.info/?l=bugtraq&m=107643014606515&w=2", "http://xforce.iss.net/xforce/xfdb/15122"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0271", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:13"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:maxwebportal:maxwebportal:1.30", "cpe:/a:maxwebportal:maxwebportal:1.31"], "cvelist": ["CVE-2004-0271"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.", "edition": 1, 
"hash": "6c25d2d2aa1f1c6b1be6341aa7c19e7177b1f9e79fd6a28a7f8683240e5f6a9e", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "68884980db831870498f354201ddccfc", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "1650d8f10c56620cfcd85923de1847f3", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e87ac4262fdc6165d582a998a7bbfdb9", "key": "published"}, {"hash": "8bed8f914c3c7ea1980534decc34eeae", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "b1fbccf3745faf628988051136c65e03", "key": "href"}, {"hash": "32c4252f769304d237931314fc8b6a60", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5eed8c546520347e0bed2feccb51dffe", "key": "title"}, {"hash": "49545c1c6899dc2606808737a62dbd4d", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0271", "id": "CVE-2004-0271", "lastseen": "2016-09-03T04:20:30", "modified": "2008-09-05T16:37:59", "objectVersion": "1.2", "published": "2004-11-23T00:00:00", "references": ["http://www.securityfocus.com/bid/9625", "http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2", "http://xforce.iss.net/xforce/xfdb/15120", "http://xforce.iss.net/xforce/xfdb/15122"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0271", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:20:30"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "68884980db831870498f354201ddccfc"}, {"key": "cvelist", "hash": "32c4252f769304d237931314fc8b6a60"}, {"key": 
"cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "1650d8f10c56620cfcd85923de1847f3"}, {"key": "href", "hash": "b1fbccf3745faf628988051136c65e03"}, {"key": "modified", "hash": "d317d5a1223c7f5a171332bf367cabae"}, {"key": "published", "hash": "e87ac4262fdc6165d582a998a7bbfdb9"}, {"key": "references", "hash": "2ca7e88d03eedeab1a21d516c222412c"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5eed8c546520347e0bed2feccb51dffe"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "97bd912c898e0e7f5424e694337962a9e50ebceda6807d9d5d115a2e72b7763f", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2017-07-11T11:14:24"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:3909", "OSVDB:3907", "OSVDB:3910", "OSVDB:15225"]}, {"type": "exploitdb", "idList": ["EDB-ID:23676", "EDB-ID:23677"]}], "modified": "2017-07-11T11:14:24"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:maxwebportal:maxwebportal:1.30", "cpe:/a:maxwebportal:maxwebportal:1.31"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP_REFERER upon submission to the down.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML or script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP_REFERER upon submission to the down.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML or script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3907](https://vulners.com/osvdb/OSVDB:3907)\n[Related OSVDB ID: 3910](https://vulners.com/osvdb/OSVDB:3910)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\nBugtraq ID: 9625\n", "modified": "2004-02-10T08:55:49", "published": "2004-02-10T08:55:49", "href": "https://vulners.com/osvdb/OSVDB:3909", "id": "OSVDB:3909", "type": "osvdb", "title": "MaxWebPortal down.asp HTTP_REFERER XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", 
"bulletinFamily": "software", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate Avatar image file names upon submission to the register script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate Avatar image file names upon submission to the register script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3909](https://vulners.com/osvdb/OSVDB:3909)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3910](https://vulners.com/osvdb/OSVDB:3910)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\n", "modified": "2004-02-10T05:04:16", "published": "2004-02-10T05:04:16", "href": "https://vulners.com/osvdb/OSVDB:3907", "id": "OSVDB:3907", "type": "osvdb", "title": "MaxWebPortal register Avatar File Name XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## 
Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"sub_name\" variable upon submission to the \"dl_showall.asp\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"sub_name\" variable upon submission to the \"dl_showall.asp\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3909](https://vulners.com/osvdb/OSVDB:3909)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3907](https://vulners.com/osvdb/OSVDB:3907)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\n", "modified": "2004-02-10T05:04:16", "published": "2004-02-10T05:04:16", "href": "https://vulners.com/osvdb/OSVDB:3910", "id": "OSVDB:3910", "type": "osvdb", "title": "MaxWebPortal dl_showall.asp sub_name Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "# No description provided by 
the source\n\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2\nISS X-Force ID: 15122\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\nBugtraq ID: 9625\n", "modified": "2004-02-10T23:48:11", "published": "2004-02-10T23:48:11", "href": "https://vulners.com/osvdb/OSVDB:15225", "id": "OSVDB:15225", "title": "MaxWebPortal Personal Message SendTo Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T21:32:52", "bulletinFamily": "exploit", "description": "MaxWebPortal 1.3x down.asp HTTP_REFERER XSS. CVE-2004-0271. Webapps exploit for asp platform", "modified": "2004-02-10T00:00:00", "published": "2004-02-10T00:00:00", "id": "EDB-ID:23676", "href": "https://www.exploit-db.com/exploits/23676/", "type": "exploitdb", "title": "MaxWebPortal 1.3x down.asp HTTP_REFERER XSS", "sourceData": "source: http://www.securityfocus.com/bid/9625/info\r\n\r\nIt has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.\r\n\r\nMaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.\r\n\r\n<a href=\"<% =Request.ServerVariables(\"HTTP_REFERER\") %>\">Back</font></a></p>", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23676/"}, {"lastseen": "2016-02-02T21:33:02", "bulletinFamily": "exploit", "description": "MaxWebPortal 1.3x Personal Message SendTo Parameter XSS. CVE-2004-0271. 
Webapps exploit for asp platform", "modified": "2004-02-10T00:00:00", "published": "2004-02-10T00:00:00", "id": "EDB-ID:23677", "href": "https://www.exploit-db.com/exploits/23677/", "type": "exploitdb", "title": "MaxWebPortal 1.3x Personal Message SendTo Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/9625/info\r\n \r\nIt has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.\r\n \r\nMaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.\r\n\r\n<select name=\"Avatar_URL\" size=\"4\" onChange =\"if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;\">\r\n<option value=\"javascript:alert(document.cookie)\">POC-Avatar</option></select>", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23677/"}]}