Vulnerabilities > CVE-2004-1630 - Remote Cross-Site Scripting And Connection Proxy vulnerability in OpenWFE

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

openwfe

NVD

Published: 2004-10-25

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.

Vulnerable Configurations

Part	Description	Count
Application	Openwfe Openwfe Work Flow Engine 1.4 Openwfe Work Flow Engine 1.4.1 Openwfe Work Flow Engine 1.4.2 Openwfe Work Flow Engine 1.4.3 Openwfe Work Flow Engine 1.4.4 Openwfe Work Flow Engine 1.4.5	6

References

http://marc.info/?l=bugtraq&m=109876304705234&w=2
http://secunia.com/advisories/12970
http://www.securityfocus.com/bid/11514
https://exchange.xforce.ibmcloud.com/vulnerabilities/17853