ID CVE-2004-0271 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:30:00
Description
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
This vulnerability is addressed in the following product release:
MaxWebPortal, MaxWebPortal, 1.32
{"exploitdb": [{"lastseen": "2016-02-02T21:33:02", "bulletinFamily": "exploit", "description": "MaxWebPortal 1.3x Personal Message SendTo Parameter XSS. CVE-2004-0271. Webapps exploit for asp platform", "modified": "2004-02-10T00:00:00", "published": "2004-02-10T00:00:00", "id": "EDB-ID:23677", "href": "https://www.exploit-db.com/exploits/23677/", "type": "exploitdb", "title": "MaxWebPortal 1.3x Personal Message SendTo Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/9625/info\r\n \r\nIt has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.\r\n \r\nMaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.\r\n\r\n<select name=\"Avatar_URL\" size=\"4\" onChange =\"if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;\">\r\n<option value=\"javascript:alert(document.cookie)\">POC-Avatar</option></select>", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23677/"}, {"lastseen": "2016-02-02T21:32:52", "bulletinFamily": "exploit", "description": "MaxWebPortal 1.3x down.asp HTTP_REFERER XSS. CVE-2004-0271. Webapps exploit for asp platform", "modified": "2004-02-10T00:00:00", "published": "2004-02-10T00:00:00", "id": "EDB-ID:23676", "href": "https://www.exploit-db.com/exploits/23676/", "type": "exploitdb", "title": "MaxWebPortal 1.3x down.asp HTTP_REFERER XSS", "sourceData": "source: http://www.securityfocus.com/bid/9625/info\r\n\r\nIt has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.\r\n\r\nMaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.\r\n\r\n<a href=\"<% =Request.ServerVariables(\"HTTP_REFERER\") %>\">Back</font></a></p>", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23676/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"sub_name\" variable upon submission to the \"dl_showall.asp\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"sub_name\" variable upon submission to the \"dl_showall.asp\" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3909](https://vulners.com/osvdb/OSVDB:3909)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3907](https://vulners.com/osvdb/OSVDB:3907)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\n", "modified": "2004-02-10T05:04:16", "published": "2004-02-10T05:04:16", "href": "https://vulners.com/osvdb/OSVDB:3910", "id": "OSVDB:3910", "type": "osvdb", "title": "MaxWebPortal dl_showall.asp sub_name Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate Avatar image file names upon submission to the register script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate Avatar image file names upon submission to the register script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3909](https://vulners.com/osvdb/OSVDB:3909)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3910](https://vulners.com/osvdb/OSVDB:3910)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\n", "modified": "2004-02-10T05:04:16", "published": "2004-02-10T05:04:16", "href": "https://vulners.com/osvdb/OSVDB:3907", "id": "OSVDB:3907", "type": "osvdb", "title": "MaxWebPortal register Avatar File Name XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP_REFERER upon submission to the down.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML or script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 1.32, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMaxWebPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP_REFERER upon submission to the down.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML or script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.maxwebportal.com/\n[Secunia Advisory ID:10840](https://secuniaresearch.flexerasoftware.com/advisories/10840/)\n[Related OSVDB ID: 3908](https://vulners.com/osvdb/OSVDB:3908)\n[Related OSVDB ID: 3907](https://vulners.com/osvdb/OSVDB:3907)\n[Related OSVDB ID: 3910](https://vulners.com/osvdb/OSVDB:3910)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0258.html\nISS X-Force ID: 15120\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\nBugtraq ID: 9625\n", "modified": "2004-02-10T08:55:49", "published": "2004-02-10T08:55:49", "href": "https://vulners.com/osvdb/OSVDB:3909", "id": "OSVDB:3909", "type": "osvdb", "title": "MaxWebPortal down.asp HTTP_REFERER XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107643014606515&w=2\nISS X-Force ID: 15122\n[CVE-2004-0271](https://vulners.com/cve/CVE-2004-0271)\nBugtraq ID: 9625\n", "modified": "2004-02-10T23:48:11", "published": "2004-02-10T23:48:11", "href": "https://vulners.com/osvdb/OSVDB:15225", "id": "OSVDB:15225", "title": "MaxWebPortal Personal Message SendTo Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
