Lucene search

[email protected]CVE-2004-2702

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2702

2004-12-3105:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2004-2702

cross-site scripting

xss vulnerability

plesk 7.0

plesk 7.1

remote attackers

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.

CPENameOperatorVersion
swsoft:pleskswsoft pleskeq7.0
swsoft:pleskswsoft pleskeq7.1

CPE	Name	Operator	Version
swsoft:plesk	swsoft plesk	eq	7.0
swsoft:plesk	swsoft plesk	eq	7.1

References

archives.neohapsis.com/archives/fulldisclosure/2004-08/1022.html

archives.neohapsis.com/archives/fulldisclosure/2004-08/1031.html

archives.neohapsis.com/archives/fulldisclosure/2004-12/0554.html

secunia.com/advisories/12368

securitytracker.com/id?1011042

www.osvdb.org/9149

www.securityfocus.com/bid/11024

exchange.xforce.ibmcloud.com/vulnerabilities/17085

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2004-2702

cvelist2 nessus1 cve1