Lucene search

[email protected]CVE-2004-2752

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2752

2004-12-3105:00:00

CWE-79

[email protected]

web.nvd.nist.gov

postnuke

downloads module

xss

cross-site scripting

security vulnerability

cve-2004-2752

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.

CPENameOperatorVersion
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.726

CPE	Name	Operator	Version
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.726

References

securitytracker.com/id?1008629

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html

www.gulftech.org/01032004.php

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for CVE-2004-2752

cvelist1