CVE-2004-2564 - Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and poss

CVE-2004-2564

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.

References

http://secunia.com/advisories/11748
http://securitytracker.com/id?1010353
http://www.oliverkarow.de/research/sambar.txt
http://www.osvdb.org/6583
http://www.osvdb.org/6584
http://www.securityfocus.com/bid/10444
https://exchange.xforce.ibmcloud.com/vulnerabilities/16286

Vulnerable Configurations

cpe:2.3:a:sambar:sambar_server:6.1:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.1:beta2:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	10444
misc	http://www.oliverkarow.de/research/sambar.txt
osvdb	6583 6584
sectrack	1010353
secunia	11748
xf	sambar-show-showperf-xss(16286)

Last major update

11-07-2017 - 01:32

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:32