Lucene search

[email protected]CVE-2004-1420

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1420

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1420

xss

whm autopilot

security vulnerabilities

web script

html

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.

CPENameOperatorVersion
whm:autopilotwhm autopiloteq2.4.6
whm:autopilotwhm autopiloteq2.4.6.5
whm:autopilotwhm autopiloteq2.4.5

CPE	Name	Operator	Version
whm:autopilot	whm autopilot	eq	2.4.6
whm:autopilot	whm autopilot	eq	2.4.6.5
whm:autopilot	whm autopilot	eq	2.4.5

References

marc.info/?l=bugtraq&m=110425620105529&w=2

marc.info/?l=bugtraq&m=110451997904494&w=2

secunia.com/advisories/13673

www.gulftech.org/?node=research&article_id=00059-12272004

www.securityfocus.com/bid/12119

www.whmautopilot.com/forum/lofiversion/index.php/t6785.html

exchange.xforce.ibmcloud.com/vulnerabilities/18700

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2004-1420

nessus1 exploitpack1 exploitdb1