CVE-2004-1645 - Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary w

CVE-2004-1645

Summary

Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.

References

http://marc.info/?l=bugtraq&m=109394018411394&w=2
http://secunia.com/advisories/12418
http://www.gulftech.org/?node=research&article_id=00047-08302004
http://www.securityfocus.com/bid/11071
https://exchange.xforce.ibmcloud.com/vulnerabilities/17166

Vulnerable Configurations

cpe:2.3:a:jerod_moemeka:xedus:1.0:*:*:*:*:*:*:*
cpe:2.3:a:jerod_moemeka:xedus:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	11071
bugtraq	20040830 Multiple Vulnerabilities In Xedus Webserver
misc	http://www.gulftech.org/?node=research&article_id=00047-08302004
secunia	12418
xf	xedus-test-xss(17166)

Last major update

11-07-2017 - 01:31

Published

30-08-2004 - 04:00

Last modified

11-07-2017 - 01:31