ID CVE-2004-2511
Summary Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
References
Vulnerable Configurations
  • cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*
    cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 11338
  • 11339
bugtraq 20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal
osvdb
  • 10585
  • 10587
  • 10588
  • 10589
  • 10590
  • 11405
sectrack 1006351
secunia 12751
xf
  • dcpportal-get-xss(17638)
  • dcpportal-post-xss(17639)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Back to Top