Lucene search

[email protected]CVE-2004-2210

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2004-2210

2022-10-0316:14:15

[email protected]

web.nvd.nist.gov

cve-2004-2210

xss

cross-site scripting

express-web cms

remote attackers

cookie theft

authentication info

security exploit

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.

Affected configurations

NVD

Node

express-webexpress-web_content_management_system

CPENameOperatorVersion
express-web:express-web_content_management_systemexpress-web express-web content management systemeq*

CPE	Name	Operator	Version
express-web:express-web_content_management_system	express-web express-web content management system	eq	*

References

www.maxpatrol.com/advdetails.asp?id=12

www.maxpatrol.com/mp_advisory.asp

www.securityfocus.com/bid/11426

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2004-2210

cvelist1 nvd1