ID CVE-2004-2038
Summary Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
References
Vulnerable Configurations
  • cpe:2.3:a:neocrome:land_down_under:601:*:*:*:*:*:*:*
    cpe:2.3:a:neocrome:land_down_under:601:*:*:*:*:*:*:*
  • cpe:2.3:a:neocrome:land_down_under:602:*:*:*:*:*:*:*
    cpe:2.3:a:neocrome:land_down_under:602:*:*:*:*:*:*:*
  • cpe:2.3:a:neocrome:land_down_under:700.01:*:*:*:*:*:*:*
    cpe:2.3:a:neocrome:land_down_under:700.01:*:*:*:*:*:*:*
  • cpe:2.3:a:neocrome:land_down_under:700.02:*:*:*:*:*:*:*
    cpe:2.3:a:neocrome:land_down_under:700.02:*:*:*:*:*:*:*
  • cpe:2.3:a:neocrome:land_down_under:*:*:*:*:*:*:*:*
    cpe:2.3:a:neocrome:land_down_under:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 10435
bugtraq 20040529 LDU (land down under) xss vulnerability
confirm http://ldu.neocrome.net/page.php?id=1357
osvdb
  • 6508
  • 6510
  • 6511
sectrack 1010335
secunia 11739
xf ldu-bbcode-xss(16284)
Last major update 11-07-2017 - 01:31
Published 29-05-2004 - 04:00
Last modified 11-07-2017 - 01:31
Back to Top