Vulnerabilities > CVE-2004-0271 - Input Validation vulnerability in Maxwebportal 1.30/1.31
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form. This vulnerability is addressed in the following product release: MaxWebPortal, MaxWebPortal, 1.32
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
description MaxWebPortal 1.3x Personal Message SendTo Parameter XSS. CVE-2004-0271. Webapps exploit for asp platform id EDB-ID:23677 last seen 2016-02-02 modified 2004-02-10 published 2004-02-10 reporter Manuel Lopez source https://www.exploit-db.com/download/23677/ title MaxWebPortal 1.3x Personal Message SendTo Parameter XSS description MaxWebPortal 1.3x down.asp HTTP_REFERER XSS. CVE-2004-0271. Webapps exploit for asp platform id EDB-ID:23676 last seen 2016-02-02 modified 2004-02-10 published 2004-02-10 reporter Manuel Lopez source https://www.exploit-db.com/download/23676/ title MaxWebPortal 1.3x down.asp HTTP_REFERER XSS