ID: CVE-2004-1845
Type: cve
Reporter: cve@mitre.org
Modified: 2017-07-11T01:31:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.
{"exploitdb": [{"lastseen": "2016-02-02T21:57:51", "description": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23857", "href": "https://www.exploit-db.com/exploits/23857/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n\r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n\r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n\r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/comment_add.asp?ID=3&email=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23857/"}, {"lastseen": "2016-02-02T21:57:59", "description": "Expinion.net News Manager Lite 2.5 search.asp XSS. CVE-2004-1845. 
Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 - search.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23858", "href": "https://www.exploit-db.com/exploits/23858/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/search.asp?search=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23858/"}, {"lastseen": "2016-02-02T21:58:06", "description": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS. CVE-2004-1845. 
Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23859", "href": "https://www.exploit-db.com/exploits/23859/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/category_news_headline.asp?ID=2&n=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23859/"}]}