Lucene search

[email protected]CVE-2004-0271

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0271

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

maxwebportal

xss

cross-site scripting

security vulnerability

web script execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

Affected configurations

NVD

Node

maxwebportalmaxwebportalMatch1.30

maxwebportalmaxwebportalMatch1.31

CPENameOperatorVersion
maxwebportal:maxwebportalmaxwebportaleq1.30
maxwebportal:maxwebportalmaxwebportaleq1.31

CPE	Name	Operator	Version
maxwebportal:maxwebportal	maxwebportal	eq	1.30
maxwebportal:maxwebportal	maxwebportal	eq	1.31

References

marc.info/?l=bugtraq&m=107643014606515&w=2

www.securityfocus.com/bid/9625

exchange.xforce.ibmcloud.com/vulnerabilities/15120

exchange.xforce.ibmcloud.com/vulnerabilities/15122

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVE-2004-0271

nvd1 cvelist1