Vulnerabilities > CVE-2004-1197 - Cross-Site Scripting vulnerability in InShop and InMail

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

insite

nessus

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.

Vulnerable Configurations

Part	Description	Count
Application	Insite Insite Inmail * Insite Inshop *	2

Nessus

NASL family	CGI abuses : XSS
NASL id	INMAIL_INSHOP_XSS.NASL
description	The remote host is using InMail/InShop, a web applications written in Perl. An implementation error in the validation of the user input specifically in the script
last seen	2020-06-01
modified	2020-06-02
plugin id	15864
published	2004-11-30
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15864
title	InMail/InShop inmail.pl / inshop.pl XSS

Summary

Vulnerable Configurations

Nessus

References