Lucene search

[email protected]CVE-2004-1829

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1829

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

xss

vulnerabilities

gijza.net error manager 2.1

php-nuke 6.0

security

injection

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.

Affected configurations

NVD

Node

error_managerphp-nuke_moduleMatch2.1

CPENameOperatorVersion
error_manager:php-nuke_moduleerror manager php-nuke moduleeq2.1

CPE	Name	Operator	Version
error_manager:php-nuke_module	error manager php-nuke module	eq	2.1

References

marc.info/?l=bugtraq&m=107963064317560&w=2

secunia.com/advisories/11164

www.osvdb.org/4384

www.securityfocus.com/bid/9911

exchange.xforce.ibmcloud.com/vulnerabilities/15529

exchange.xforce.ibmcloud.com/vulnerabilities/15530

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2004-1829

cvelist1 nvd1