| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
| CVE-2004-2084 | 19 May 200504:00 | – | cve | |
| CVE-2004-2084 | 19 May 200504:00 | – | cvelist | |
| JShop E-Commerce Suite xSearch Cross-Site Scripting Vulnerability | 9 Feb 200400:00 | – | exploitdb | |
| EUVD-2004-2076 | 7 Oct 202500:30 | – | euvd | |
| CVE-2004-2084 | 7 Feb 200405:00 | – | nvd |
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/9609 |
| securityfocus | www.securityfocus.com/bid/11003 |
| securityfocus | www.securityfocus.com/bid/12403 |
# SPDX-FileCopyrightText: 2004 Noam Rathaus
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.14352");
script_version("2023-12-13T05:05:23+0000");
script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_cve_id("CVE-2004-2084");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11003");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12403");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9609");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("JShop XSS Vulnerability");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2004 Noam Rathaus");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"solution", value:"Upgrade to the latest version of this software");
script_tag(name:"summary", value:"J-Shop is prone to a cross-site scripting (XSS) vulnerability.");
script_tag(name:"insight", value:"The remote version of this software is vulnerable to an XSS
attack. An attacker can exploit it by compromising the parameters to the files help.php and/or
search.php.");
script_tag(name:"impact", value:"This can be used to take advantage of the trust between a client and server
allowing the malicious user to execute malicious JavaScript on the client's machine.");
script_tag(name:"qod", value:"50"); # Prone to false positives
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );
host = http_host_name( dont_add_port:TRUE );
if( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );
foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" ) dir = "";
url = dir + "/page.php?xPage=<script>alert(document.cookie)</script>";
if( http_vuln_check( port:port, url:url, check_header:TRUE, pattern:"<script>alert\(document.cookie\)</script>" ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 99 );
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation