Vulnerabilities > CVE-2004-0248 - Multiple vulnerability in PHPx 3.2.3

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

phpx

NVD

Published: 2004-11-23

Updated: 2017-07-11

Summary

Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. This vulnerability is addressed in the following product release: PHPX, PHPX, 3.2.4

Vulnerable Configurations

Part	Description	Count
Application	Phpx Phpx Phpx 3.2.3	1

References

http://marc.info/?l=bugtraq&m=107586932324901&w=2
http://secunia.com/advisories/10797/
http://www.securityfocus.com/bid/9569
https://exchange.xforce.ibmcloud.com/vulnerabilities/15050
https://exchange.xforce.ibmcloud.com/vulnerabilities/15051