Lucene search

[email protected]NVD:CVE-2004-1871

HistoryMar 29, 2004 - 5:00 a.m.

CVE-2004-1871

2004-03-2905:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Affected configurations

Nvd

Node

photopostphotopost_php_proMatch3.1

photopostphotopost_php_proMatch3.2

photopostphotopost_php_proMatch3.3

photopostphotopost_php_proMatch4.0

photopostphotopost_php_proMatch4.1

photopostphotopost_php_proMatch4.6

photopostphotopost_php_proMatch4.8.1

VendorProductVersionCPE
photopostphotopost_php_pro3.1cpe:2.3:a:photopost:photopost_php_pro:3.1:*:*:*:*:*:*:*
photopostphotopost_php_pro3.2cpe:2.3:a:photopost:photopost_php_pro:3.2:*:*:*:*:*:*:*
photopostphotopost_php_pro3.3cpe:2.3:a:photopost:photopost_php_pro:3.3:*:*:*:*:*:*:*
photopostphotopost_php_pro4.0cpe:2.3:a:photopost:photopost_php_pro:4.0:*:*:*:*:*:*:*
photopostphotopost_php_pro4.1cpe:2.3:a:photopost:photopost_php_pro:4.1:*:*:*:*:*:*:*
photopostphotopost_php_pro4.6cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*
photopostphotopost_php_pro4.8.1cpe:2.3:a:photopost:photopost_php_pro:4.8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
photopost	photopost_php_pro	3.1	cpe:2.3:a:photopost:photopost_php_pro:3.1:::::::*
photopost	photopost_php_pro	3.2	cpe:2.3:a:photopost:photopost_php_pro:3.2:::::::*
photopost	photopost_php_pro	3.3	cpe:2.3:a:photopost:photopost_php_pro:3.3:::::::*
photopost	photopost_php_pro	4.0	cpe:2.3:a:photopost:photopost_php_pro:4.0:::::::*
photopost	photopost_php_pro	4.1	cpe:2.3:a:photopost:photopost_php_pro:4.1:::::::*
photopost	photopost_php_pro	4.6	cpe:2.3:a:photopost:photopost_php_pro:4.6:::::::*
photopost	photopost_php_pro	4.8.1	cpe:2.3:a:photopost:photopost_php_pro:4.8.1:::::::*

References

marc.info/?l=bugtraq&m=108057790723123&w=2

secunia.com/advisories/11241

securitytracker.com/id?1009571

www.gulftech.org/03282004.php

www.securityfocus.com/bid/9994

exchange.xforce.ibmcloud.com/vulnerabilities/15643

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Related for NVD:CVE-2004-1871

cve1 cvelist1 exploitdb1 exploitpack1