Lucene search

[email protected]CVE-2004-0271

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0271

2004-11-2305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

maxwebportal

xss

cross-site scripting

security vulnerability

web script execution

6.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

CPENameOperatorVersion
maxwebportal:maxwebportalmaxwebportaleq1.30
maxwebportal:maxwebportalmaxwebportaleq1.31

CPE	Name	Operator	Version
maxwebportal:maxwebportal	maxwebportal	eq	1.30
maxwebportal:maxwebportal	maxwebportal	eq	1.31

References

marc.info/?l=bugtraq&m=107643014606515&w=2

www.securityfocus.com/bid/9625

exchange.xforce.ibmcloud.com/vulnerabilities/15120

exchange.xforce.ibmcloud.com/vulnerabilities/15122

6.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON