Lucene search

MitreCVE-2004-1871

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1871

2005-05-1004:00:00

mitre

web.nvd.nist.gov

cve

2004

1871

xss

vulnerabilities

photopost php pro

web script

html

parameters

showmembers.php

photo

album

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Affected configurations

Nvd

Node

photopostphotopost_php_proMatch3.1

photopostphotopost_php_proMatch3.2

photopostphotopost_php_proMatch3.3

photopostphotopost_php_proMatch4.0

photopostphotopost_php_proMatch4.1

photopostphotopost_php_proMatch4.6

photopostphotopost_php_proMatch4.8.1

VendorProductVersionCPE
photopostphotopost_php_pro3.1cpe:2.3:a:photopost:photopost_php_pro:3.1:*:*:*:*:*:*:*
photopostphotopost_php_pro3.2cpe:2.3:a:photopost:photopost_php_pro:3.2:*:*:*:*:*:*:*
photopostphotopost_php_pro3.3cpe:2.3:a:photopost:photopost_php_pro:3.3:*:*:*:*:*:*:*
photopostphotopost_php_pro4.0cpe:2.3:a:photopost:photopost_php_pro:4.0:*:*:*:*:*:*:*
photopostphotopost_php_pro4.1cpe:2.3:a:photopost:photopost_php_pro:4.1:*:*:*:*:*:*:*
photopostphotopost_php_pro4.6cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*
photopostphotopost_php_pro4.8.1cpe:2.3:a:photopost:photopost_php_pro:4.8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
photopost	photopost_php_pro	3.1	cpe:2.3:a:photopost:photopost_php_pro:3.1:::::::*
photopost	photopost_php_pro	3.2	cpe:2.3:a:photopost:photopost_php_pro:3.2:::::::*
photopost	photopost_php_pro	3.3	cpe:2.3:a:photopost:photopost_php_pro:3.3:::::::*
photopost	photopost_php_pro	4.0	cpe:2.3:a:photopost:photopost_php_pro:4.0:::::::*
photopost	photopost_php_pro	4.1	cpe:2.3:a:photopost:photopost_php_pro:4.1:::::::*
photopost	photopost_php_pro	4.6	cpe:2.3:a:photopost:photopost_php_pro:4.6:::::::*
photopost	photopost_php_pro	4.8.1	cpe:2.3:a:photopost:photopost_php_pro:4.8.1:::::::*

References

marc.info/?l=bugtraq&m=108057790723123&w=2

secunia.com/advisories/11241

securitytracker.com/id?1009571

www.gulftech.org/03282004.php

www.securityfocus.com/bid/9994

exchange.xforce.ibmcloud.com/vulnerabilities/15643

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2004-1871