Lucene search

[email protected]CVE-2004-1640

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1640

2005-02-2005:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1640

xss

xoops

web script

html

security vulnerability

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.008

Percentile

82.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.

Affected configurations

NVD

Node

xoopsxoops_dictionaryMatch0.94

xoopsxoops_dictionaryMatch1.0

References

cyruxnet.org/modulo_dic_xoops.htm

marc.info/?l=bugtraq&m=109394077209963&w=2

secunia.com/advisories/12424

www.osvdb.org/9393

www.osvdb.org/9394

www.securityfocus.com/bid/11064

exchange.xforce.ibmcloud.com/vulnerabilities/17152

exchange.xforce.ibmcloud.com/vulnerabilities/17154

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.008

Percentile

82.1%

JSON

Related for CVE-2004-1640

cvelist1 nvd1 nessus1