Lucene search

[email protected]CVE-2004-2618

HistoryDec 04, 2005 - 11:00 a.m.

CVE-2004-2618

2005-12-0411:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2618

cross-site scripting

xss

pegasi web server

pws

remote attackers

uri

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial ‘/’ (slash).

Affected configurations

NVD

Node

pegasi_web_serverpegasi_web_serverMatch0.2.2

CPENameOperatorVersion
pegasi_web_server:pegasi_web_serverpegasi web servereq0.2.2

CPE	Name	Operator	Version
pegasi_web_server:pegasi_web_server	pegasi web server	eq	0.2.2

References

archives.neohapsis.com/archives/bugtraq/2004-03/0109.html

archives.neohapsis.com/archives/bugtraq/2004-03/0136.html

secunia.com/advisories/11122

sourceforge.net/forum/forum.php?forum_id=359660

www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt

www.osvdb.org/4255

www.securityfocus.com/bid/9847

exchange.xforce.ibmcloud.com/vulnerabilities/15436

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2004-2618

cvelist1 nvd1