Lucene search

MitreCVE-2004-2085

HistoryMay 19, 2005 - 4:00 a.m.

CVE-2004-2085

2005-05-1904:00:00

mitre

web.nvd.nist.gov

vulnerability

xss

cross-site scripting

phpcodecabinet

web script

html

remote attackers

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.007

Percentile

80.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.

Affected configurations

Nvd

Node

brad_fearsphpcodecabinetMatch0.1

brad_fearsphpcodecabinetMatch0.2

brad_fearsphpcodecabinetMatch0.3

brad_fearsphpcodecabinetMatch0.4

VendorProductVersionCPE
brad_fearsphpcodecabinet0.1cpe:2.3:a:brad_fears:phpcodecabinet:0.1:*:*:*:*:*:*:*
brad_fearsphpcodecabinet0.2cpe:2.3:a:brad_fears:phpcodecabinet:0.2:*:*:*:*:*:*:*
brad_fearsphpcodecabinet0.3cpe:2.3:a:brad_fears:phpcodecabinet:0.3:*:*:*:*:*:*:*
brad_fearsphpcodecabinet0.4cpe:2.3:a:brad_fears:phpcodecabinet:0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
brad_fears	phpcodecabinet	0.1	cpe:2.3:a:brad_fears:phpcodecabinet:0.1:::::::*
brad_fears	phpcodecabinet	0.2	cpe:2.3:a:brad_fears:phpcodecabinet:0.2:::::::*
brad_fears	phpcodecabinet	0.3	cpe:2.3:a:brad_fears:phpcodecabinet:0.3:::::::*
brad_fears	phpcodecabinet	0.4	cpe:2.3:a:brad_fears:phpcodecabinet:0.4:::::::*

References

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5

cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5

secunia.com/advisories/10862

securitytracker.com/id?1009012

sourceforge.net/project/shownotes.php?release_id=214860

www.osvdb.org/16710

www.osvdb.org/16711

www.osvdb.org/3885

www.osvdb.org/3886

www.osvdb.org/3887

www.securityfocus.com/bid/9601

www.securityfocus.com/bid/9645

exchange.xforce.ibmcloud.com/vulnerabilities/15190

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.007

Percentile

80.4%

JSON

Related for CVE-2004-2085