Lucene search

[email protected]CVE-2004-2402

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2402

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

2402

yabb.pl

cross-site scripting

xss

vulnerability

web script

html

remote

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.5%

JSON

Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.

CPENameOperatorVersion
yabb:yabbyabbeq2000-09-11
yabb:yabbyabbeq1.40
yabb:yabbyabbeq1_gold_-_sp_1
yabb:yabbyabbeq1_gold_-_sp_1.3.2
yabb:yabbyabbeq1_gold_-_sp_1.3
yabb:yabbyabbeq2000-09-01
yabb:yabbyabbeq1_gold_-_sp_1.2
yabb:yabbyabbeq1.41
yabb:yabbyabbeq1_gold_release
yabb:yabbyabbeq1_gold_-_sp_1.3.1

CPE	Name	Operator	Version
yabb:yabb	yabb	eq	2000-09-11
yabb:yabb	yabb	eq	1.40
yabb:yabb	yabb	eq	1_gold_-_sp_1
yabb:yabb	yabb	eq	1_gold_-_sp_1.3.2
yabb:yabb	yabb	eq	1_gold_-_sp_1.3
yabb:yabb	yabb	eq	2000-09-01
yabb:yabb	yabb	eq	1_gold_-_sp_1.2
yabb:yabb	yabb	eq	1.41
yabb:yabb	yabb	eq	1_gold_release
yabb:yabb	yabb	eq	1_gold_-_sp_1.3.1

References

archives.neohapsis.com/archives/bugtraq/2004-09/0227.html

secunia.com/advisories/12593

www.osvdb.org/10242

www.securityfocus.com/bid/11215

exchange.xforce.ibmcloud.com/vulnerabilities/17452

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2004-2402

cvelist1 openvas1 nessus1