Lucene search

[email protected]CVE-2004-2084

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2004-2084

2005-05-1904:00:00

[email protected]

web.nvd.nist.gov

cve

2004

2084

xss

vulnerability

jshop

e-commerce

server

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

Affected configurations

NVD

Node

jshop_e-commercejshop_professionalMatch3.0

jshop_e-commercejshop_professionalMatch3.1

jshop_e-commercejshop_professionalMatch3.2

jshop_e-commercejshop_professionalMatch3.3

jshop_e-commercejshop_professionalMatch3.4

jshop_e-commercejshop_serverMatch1.0.1

jshop_e-commercejshop_serverMatch1.0.2

jshop_e-commercejshop_serverMatch1.0.3

jshop_e-commercejshop_serverMatch1.0.4

jshop_e-commercejshop_serverMatch1.1.0

jshop_e-commercejshop_serverMatch1.2.0

CPENameOperatorVersion
jshop_e-commerce:jshop_professionaljshop e-commerce jshop professionaleq3.0
jshop_e-commerce:jshop_professionaljshop e-commerce jshop professionaleq3.1
jshop_e-commerce:jshop_professionaljshop e-commerce jshop professionaleq3.2
jshop_e-commerce:jshop_professionaljshop e-commerce jshop professionaleq3.3
jshop_e-commerce:jshop_professionaljshop e-commerce jshop professionaleq3.4
jshop_e-commerce:jshop_serverjshop e-commerce jshop servereq1.0.1
jshop_e-commerce:jshop_serverjshop e-commerce jshop servereq1.0.2
jshop_e-commerce:jshop_serverjshop e-commerce jshop servereq1.0.3
jshop_e-commerce:jshop_serverjshop e-commerce jshop servereq1.0.4
jshop_e-commerce:jshop_serverjshop e-commerce jshop servereq1.1.0

CPE	Name	Operator	Version
jshop_e-commerce:jshop_professional	jshop e-commerce jshop professional	eq	3.0
jshop_e-commerce:jshop_professional	jshop e-commerce jshop professional	eq	3.1
jshop_e-commerce:jshop_professional	jshop e-commerce jshop professional	eq	3.2
jshop_e-commerce:jshop_professional	jshop e-commerce jshop professional	eq	3.3
jshop_e-commerce:jshop_professional	jshop e-commerce jshop professional	eq	3.4
jshop_e-commerce:jshop_server	jshop e-commerce jshop server	eq	1.0.1
jshop_e-commerce:jshop_server	jshop e-commerce jshop server	eq	1.0.2
jshop_e-commerce:jshop_server	jshop e-commerce jshop server	eq	1.0.3
jshop_e-commerce:jshop_server	jshop e-commerce jshop server	eq	1.0.4
jshop_e-commerce:jshop_server	jshop e-commerce jshop server	eq	1.1.0

Rows per page:

1-10 of 111

References

secunia.com/advisories/10825

securitytracker.com/id?1008988

www.osvdb.org/3889

www.securityfocus.com/bid/9609

www.systemsecure.org/advisories/ssadvisory09022004.php

exchange.xforce.ibmcloud.com/vulnerabilities/15100

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2004-2084

exploitdb1 nvd1 openvas1 cvelist1