CVE-2004-2138 - Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote a

CVE-2004-2138

Summary

Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.

References

http://www.computerknights.org/forum_viewtopic.php?2.122
http://www.securityfocus.com/bid/11234
http://securitytracker.com/id?1011376
https://exchange.xforce.ibmcloud.com/vulnerabilities/17462

Vulnerable Configurations

cpe:2.3:a:allwebscripts:mysqlguest:*:*:*:*:*:*:*:*
cpe:2.3:a:allwebscripts:mysqlguest:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	11234
misc	http://www.computerknights.org/forum_viewtopic.php?2.122
sectrack	1011376
xf	mysqlguest-awsguestphp-xss(17462)

Last major update

14-02-2024 - 01:17

Published

31-12-2004 - 05:00

Last modified

14-02-2024 - 01:17