Lucene search

[email protected]CVE-2004-2651

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2651

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

2651

cross-site scripting

xss

vulnerabilities

yacy

web script

html

index.html

wiki.html

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.

CPENameOperatorVersion
michael_christen:yacymichael christen yacyeq0.15_build2004-03-18
michael_christen:yacymichael christen yacyeq0.22_build2004-07-11
michael_christen:yacymichael christen yacyeq0.12_build2004-02-04
michael_christen:yacymichael christen yacyeq0.20_build2004-06-14
michael_christen:yacymichael christen yacyeq0.14_build2004-02-13
michael_christen:yacymichael christen yacyeq0.30_build2004-11-25
michael_christen:yacymichael christen yacyeq0.25_build2004-08-22
michael_christen:yacymichael christen yacyeq0.11_build2004-01-24
michael_christen:yacymichael christen yacyeq0.29_build2004-10-22
michael_christen:yacymichael christen yacyeq0.23_build2004-08-08

CPE	Name	Operator	Version
michael_christen:yacy	michael christen yacy	eq	0.15_build2004-03-18
michael_christen:yacy	michael christen yacy	eq	0.22_build2004-07-11
michael_christen:yacy	michael christen yacy	eq	0.12_build2004-02-04
michael_christen:yacy	michael christen yacy	eq	0.20_build2004-06-14
michael_christen:yacy	michael christen yacy	eq	0.14_build2004-02-13
michael_christen:yacy	michael christen yacy	eq	0.30_build2004-11-25
michael_christen:yacy	michael christen yacy	eq	0.25_build2004-08-22
michael_christen:yacy	michael christen yacy	eq	0.11_build2004-01-24
michael_christen:yacy	michael christen yacy	eq	0.29_build2004-10-22
michael_christen:yacy	michael christen yacy	eq	0.23_build2004-08-08

Rows per page:

1-10 of 251

References

archives.neohapsis.com/archives/bugtraq/2004-12/0413.html

securitytracker.com/id?1012686

www.osvdb.org/12629

www.osvdb.org/12630

www.securityfocus.com/bid/12104

www.yacy.net/yacy/News.html

exchange.xforce.ibmcloud.com/vulnerabilities/18688

exchange.xforce.ibmcloud.com/vulnerabilities/18690

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2004-2651

openvas2 nessus1