Lucene search

[email protected]CVE-2004-0301

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0301

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0301

cross-site scripting

xss

more.php

online store kit 3.0

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.

Affected configurations

NVD

Node

ecommerce_corporation_onlinestore_kitMatch3.0_lite

ecommerce_corporation_onlinestore_kitMatch3.0_pro

ecommerce_corporation_onlinestore_kitMatch3.0_standard

CPENameOperatorVersion
ecommerce_corporation_online:store_kitecommerce corporation online store kiteq3.0_lite
ecommerce_corporation_online:store_kitecommerce corporation online store kiteq3.0_pro
ecommerce_corporation_online:store_kitecommerce corporation online store kiteq3.0_standard

CPE	Name	Operator	Version
ecommerce_corporation_online:store_kit	ecommerce corporation online store kit	eq	3.0_lite
ecommerce_corporation_online:store_kit	ecommerce corporation online store kit	eq	3.0_pro
ecommerce_corporation_online:store_kit	ecommerce corporation online store kit	eq	3.0_standard

References

secunia.com/advisories/10902/

securitytracker.com/alerts/2004/Feb/1009079.html

www.securityfocus.com/bid/9676

www.systemsecure.org/advisories/ssadvisory16022004.php

exchange.xforce.ibmcloud.com/vulnerabilities/15235

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2004-0301

cvelist1 nvd1 nessus1