ID CVE-2004-1845 Type cve Reporter NVD Modified 2017-07-10T21:31:23
Description
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.
{"exploitdb": [{"lastseen": "2016-02-02T21:58:06", "osvdbidlist": ["4494"], "references": [], "edition": 1, "description": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "reporter": "Manuel Lopez", "published": "2004-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23859", "href": "https://www.exploit-db.com/exploits/23859/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/category_news_headline.asp?ID=2&n=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23859/"}, {"lastseen": "2016-02-02T21:57:51", "osvdbidlist": ["4492"], "references": [], "edition": 1, "description": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "reporter": "Manuel Lopez", "published": "2004-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23857", "href": "https://www.exploit-db.com/exploits/23857/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n\r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n\r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n\r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/comment_add.asp?ID=3&email=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23857/"}, {"lastseen": "2016-02-02T21:57:59", "osvdbidlist": ["4493"], "references": [], "edition": 1, "description": "Expinion.net News Manager Lite 2.5 search.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "reporter": "Manuel Lopez", "published": "2004-03-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 - search.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23858", "href": "https://www.exploit-db.com/exploits/23858/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/search.asp?search=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23858/"}]}
