Search...

CVE-2004-1845

2004-12-31T05:00:00

ID CVE-2004-1845
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

JSON Vulners Source

Initial Source

{"id": "CVE-2004-1845", "bulletinFamily": "NVD", "title": "CVE-2004-1845", "description": "Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.", "published": "2004-12-31T05:00:00", "modified": "2017-07-11T01:31:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1845", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/4492", "http://secunia.com/advisories/11180", "http://www.osvdb.org/4493", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15548", "http://marc.info/?l=bugtraq&m=107999733503496&w=2", "http://www.securityfocus.com/bid/9935", "http://securitytracker.com/id?1009507", "http://www.osvdb.org/4494"], "cvelist": ["CVE-2004-1845"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "b691d2c2049cdcc2e248e7e51644c891"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "fde42cec59d52f90c699965375fece76"}, {"key": "cpe23", "hash": "d50212edd0d62bf906d54ad63c97c39e"}, {"key": "cvelist", "hash": "c1e6940d848898429e6587906a52e683"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "1376299678e4b22a45cbb6e661929c18"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "386c262bf90ee99bab6ab2ab36efa610"}, {"key": "href", "hash": "7583f4c387c5fa16d5b66ee82b211560"}, {"key": "modified", "hash": "523ab2b584257b356b93ab54fd2d1554"}, {"key": "published", "hash": "3f051342f862f2833e883053d29ea929"}, {"key": "references", "hash": "e0f793440e9df7c2cc344246adf171cc"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5982fe4ca7d685a0e692043983f2974f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "0a0c133b75eacabb169f2783ff6e49e9aeea86026bbcecd376d65d37366d6cd5", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:23857", "EDB-ID:23859", "EDB-ID:23858"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 4.5, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 4.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:expinion.net:news_manager_lite:2.5"], "affectedSoftware": [{"name": "expinion.net news_manager_lite", "operator": "eq", "version": "2.5"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:expinion.net:news_manager_lite:2.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T21:57:51", "bulletinFamily": "exploit", "description": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "modified": "2004-03-20T00:00:00", "published": "2004-03-20T00:00:00", "id": "EDB-ID:23857", "href": "https://www.exploit-db.com/exploits/23857/", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 comment_add.asp XSS", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n\r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n\r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n\r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/comment_add.asp?ID=3&email=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23857/"}, {"lastseen": "2016-02-02T21:58:06", "bulletinFamily": "exploit", "description": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "modified": "2004-03-20T00:00:00", "published": "2004-03-20T00:00:00", "id": "EDB-ID:23859", "href": "https://www.exploit-db.com/exploits/23859/", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 category_news_headline.asp XSS", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/category_news_headline.asp?ID=2&n=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23859/"}, {"lastseen": "2016-02-02T21:57:59", "bulletinFamily": "exploit", "description": "Expinion.net News Manager Lite 2.5 search.asp XSS. CVE-2004-1845. Webapps exploit for asp platform", "modified": "2004-03-20T00:00:00", "published": "2004-03-20T00:00:00", "id": "EDB-ID:23858", "href": "https://www.exploit-db.com/exploits/23858/", "type": "exploitdb", "title": "Expinion.net News Manager Lite 2.5 - search.asp XSS", "sourceData": "source: http://www.securityfocus.com/bid/9935/info\r\n \r\nMultiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.\r\n \r\nThe issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Further more a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to application's administrative interface.\r\n \r\nNews Manager Lite 2.5 is reported to be affected by these issues, however, other versions may be affected as well.\r\n\r\nhttp://www.example.com/search.asp?search=[XSS]", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23858/"}]}