CVE-2004-2085

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=214860	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5	Vendor Advisory
http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5	Vendor Advisory
http://www.securityfocus.com/bid/9601	Patch Vendor Advisory
http://www.securityfocus.com/bid/9645	Patch Vendor Advisory
http://www.osvdb.org/3885	Vendor Advisory
http://www.osvdb.org/3886	Patch Vendor Advisory
http://www.osvdb.org/3887	Patch Vendor Advisory
http://www.osvdb.org/16710
http://www.osvdb.org/16711
http://securitytracker.com/id?1009012
http://secunia.com/advisories/10862
https://exchange.xforce.ibmcloud.com/vulnerabilities/15190

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:brad_fears:phpcodecabinet:0.2:::::::*
	cpe:2.3:a:brad_fears:phpcodecabinet:0.3:::::::*
	cpe:2.3:a:brad_fears:phpcodecabinet:0.4:::::::*
	cpe:2.3:a:brad_fears:phpcodecabinet:0.1:::::::*

Information

Published : 2004-02-03 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2085

Mitre link : CVE-2004-2085

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

brad_fears

phpcodecabinet

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?release_id=214860", "name": "http://sourceforge.net/project/shownotes.php?release_id=214860", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5", "name": "http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/9601", "name": "9601", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/9645", "name": "9645", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.osvdb.org/3885", "name": "3885", "tags": ["Vendor Advisory"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/3886", "name": "3886", "tags": ["Patch", "Vendor Advisory"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/3887", "name": "3887", "tags": ["Patch", "Vendor Advisory"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/16710", "name": "16710", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/16711", "name": "16711", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1009012", "name": "1009012", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/10862", "name": "10862", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15190", "name": "phpcodecabinet-multiple-xss(15190)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2085", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-02-04T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:brad_fears:phpcodecabinet:0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:brad_fears:phpcodecabinet:0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:brad_fears:phpcodecabinet:0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:brad_fears:phpcodecabinet:0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}