Search...

CVE-2004-1845

2004-12-31T05:00:00

ID CVE-2004-1845
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

JSON Vulners Source

Initial Source

{"id": "CVE-2004-1845", "bulletinFamily": "NVD", "title": "CVE-2004-1845", "description": "Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1845", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/4492", "http://secunia.com/advisories/11180", "http://www.osvdb.org/4493", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15548", "http://marc.info/?l=bugtraq&m=107999733503496&w=2", "http://www.securityfocus.com/bid/9935", "http://securitytracker.com/id?1009507", "http://www.osvdb.org/4494"], "cvelist": ["CVE-2004-1845"], "type": "cve", "lastseen": "2021-02-02T05:23:00", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:23857", "EDB-ID:23859", "EDB-ID:23858"]}], "modified": "2021-02-02T05:23:00", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-02-02T05:23:00", "rev": 2}, "vulnersScore": 4.5}, "cpe": ["cpe:/a:expinion.net:news_manager_lite:2.5"], "affectedSoftware": [{"cpeName": "expinion.net:news_manager_lite", "name": "expinion.net news manager lite", "operator": "eq", "version": "2.5"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "4494", "refsource": "OSVDB", "tags": ["Exploit"], "url": "http://www.osvdb.org/4494"}, {"name": "9935", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/9935"}, {"name": "4492", "refsource": "OSVDB", "tags": ["Exploit"], "url": "http://www.osvdb.org/4492"}, {"name": "11180", "refsource": "SECUNIA", "tags": ["Exploit"], "url": "http://secunia.com/advisories/11180"}, {"name": "4493", "refsource": "OSVDB", "tags": ["Exploit"], "url": "http://www.osvdb.org/4493"}, {"name": "20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration", "refsource": "BUGTRAQ", "tags": [], "url": "http://marc.info/?l=bugtraq&m=107999733503496&w=2"}, {"name": "1009507", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1009507"}, {"name": "news-manager-xss(15548)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15548"}]}

{"exploitdb": [{"lastseen": "2016-02-02T21:57:51", "description": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23857", "href": "https://www.exploit-db.com/exploits/23857/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n\r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n\r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n\r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/comment_add.asp?ID=3&email=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23857/"}, {"lastseen": "2016-02-02T21:57:59", "description": "Expinion.net News Manager Lite 2.5 search.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 - search.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23858", "href": "https://www.exploit-db.com/exploits/23858/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/search.asp?search=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23858/"}, {"lastseen": "2016-02-02T21:58:06", "description": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "published": "2004-03-20T00:00:00", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1845"], "modified": "2004-03-20T00:00:00", "id": "EDB-ID:23859", "href": "https://www.exploit-db.com/exploits/23859/", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/category_news_headline.asp?ID=2&n=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23859/"}]}