Lucene search

[email protected]CVE-2004-2656

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2656

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

2656

xss

vulnerabilities

slashcode

slash

r_2_5_0_41

web script

html

search.pl

submit.pl

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.

CPENameOperatorVersion
open_source_development_network:slashcodeopen source development network slashcodeeq2.2.5
open_source_development_network:slashcodeopen source development network slashcodeler_2_5_0_41

CPE	Name	Operator	Version
open_source_development_network:slashcode	open source development network slashcode	eq	2.2.5
open_source_development_network:slashcode	open source development network slashcode	le	r_2_5_0_41

References

archives.neohapsis.com/archives/bugtraq/2004-12/0170.html

secunia.com/advisories/13491

www.osvdb.org/21874

www.osvdb.org/21875

www.securityfocus.com/bid/11993

www.slashcode.com/slash/04/12/20/1946225.shtml?tid=11&tid=5&tid=4

exchange.xforce.ibmcloud.com/vulnerabilities/18508

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON