CVE-2004-1640

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11064	Exploit Vendor Advisory
http://secunia.com/advisories/12424	Vendor Advisory
http://cyruxnet.org/modulo_dic_xoops.htm
http://www.osvdb.org/9393
http://www.osvdb.org/9394
http://marc.info/?l=bugtraq&m=109394077209963&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17154
https://exchange.xforce.ibmcloud.com/vulnerabilities/17152

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xoops:xoops_dictionary:1.0:::::::*
	cpe:2.3:a:xoops:xoops_dictionary:0.94:::::::*

Information

Published : 2004-08-27 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1640

Mitre link : CVE-2004-1640

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

xoops

xoops_dictionary

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11064", "name": "11064", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12424", "name": "12424", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://cyruxnet.org/modulo_dic_xoops.htm", "name": "http://cyruxnet.org/modulo_dic_xoops.htm", "tags": [], "refsource": "MISC"}, {"url": "http://www.osvdb.org/9393", "name": "9393", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/9394", "name": "9394", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=109394077209963&w=2", "name": "20040828 Cross Site Scripting in XOOPS Version 2.x Dictionary module", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17154", "name": "xoops-dictionary-letter-xss(17154)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17152", "name": "xoops-dictionary-search-xss(17152)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1640", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-08-28T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xoops:xoops_dictionary:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:xoops:xoops_dictionary:0.94:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}