Vulnerabilities > CVE-2004-1651 - HTML Injection vulnerability in Brickhost PHPscheduleit 1.0Rc1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses : XSS |
NASL id | PHPSCHEDULEIT_XSS.NASL |
description | According to its banner, the version of phpScheduleIt on the remote host is earlier than 1.0.0. Such versions are vulnerable to HTML injection issues. For example, an attacker may add malicious HTML and JavaScript code in a schedule page if he has the right to edit the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14613 |
published | 2004-09-01 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14613 |
title | phpScheduleIt 1.0.0 RC1 Multiple XSS |
code |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2004-09/0216.html
- http://marc.info/?l=bugtraq&m=109399590602709&w=2
- http://securitytracker.com/id?1011127
- http://www.osvdb.org/9451
- http://www.securityfocus.com/bid/11080
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17193
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17194