Lucene search

[email protected]CVE-2004-2245

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2245

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

2245

cross-site scripting

xss

vulnerability

goollery 0.03

remote attackers

arbitrary html

web script

page parameter

viewalbum.php

btopage parameter

viewpic.php

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON

Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.

CPENameOperatorVersion
goollery:goollerygoolleryeq0.3

CPE	Name	Operator	Version
goollery:goollery	goollery	eq	0.3

References

securitytracker.com/id?1012062

www.osvdb.org/11318

www.osvdb.org/11319

www.osvdb.org/11320

www.osvdb.org/ref/11/11xxx-goollery_multiple.txt

www.securityfocus.com/bid/11587

exchange.xforce.ibmcloud.com/vulnerabilities/17957

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2004-2245

openvas2 nessus1