CVE-2004-1657 - HTML Injection vulnerability in Newtelligence DasBlog Request Log
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Exploit-Db
description | Newtelligence DasBlog 1.x Request Log HTML Injection Vulnerability. CVE-2004-1657. Webapps exploit for php platform |
id | EDB-ID:24424 |
last seen | 2016-02-02 |
modified | 2004-09-01 |
published | 2004-09-01 |
reporter | Dominick Baier |
source | https://www.exploit-db.com/download/24424/ |
title | Newtelligence DasBlog 1.x Request Log HTML Injection Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | DASBLOG_XSS.NASL |
description | The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An attacker could use this to trick a user into executing arbitrary script code in the context of the web server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14639 |
published | 2004-09-02 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14639 |
title | DasBlog Activity / Event Viewer Multiple HTTP Header XSS |