Lucene search

[email protected]CVE-2004-2098

HistoryMay 27, 2005 - 4:00 a.m.

CVE-2004-2098

2005-05-2704:00:00

[email protected]

web.nvd.nist.gov

xss

vulnerability

tbe 5.0

remote code execution

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.

Affected configurations

NVD

Node

native_solutionstbe_banner_engineMatch4.0

native_solutionstbe_banner_engineMatch5.0

CPENameOperatorVersion
native_solutions:tbe_banner_enginenative solutions tbe banner engineeq4.0
native_solutions:tbe_banner_enginenative solutions tbe banner engineeq5.0

CPE	Name	Operator	Version
native_solutions:tbe_banner_engine	native solutions tbe banner engine	eq	4.0
native_solutions:tbe_banner_engine	native solutions tbe banner engine	eq	5.0

References

marc.info/?l=bugtraq&m=107479071808330&w=2

www.securityfocus.com/bid/9472

exchange.xforce.ibmcloud.com/vulnerabilities/14911

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2004-2098

nvd1 cvelist1