Vulnerabilities > CVE-2004-1665 - Cross-Site Scripting vulnerability in Psnews 1.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

psnews

nessus

exploit available

NVD

Published: 2004-09-05

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.

Vulnerable Configurations

Part	Description	Count
Application	Psnews Psnews Psnews 1.1	1

Exploit-Db

description	PSNews 1.1 No Parameter Cross-Site Scripting Vulnerability. CVE-2004-1665 . Webapps exploit for php platform
id	EDB-ID:24575
last seen	2016-02-02
modified	2004-09-05
published	2004-09-05
reporter	Michal Blaszczak
source	https://www.exploit-db.com/download/24575/
title	PSNews 1.1 No Parameter Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	PSNEWS_XSS.NASL
description	The remote server is running a version of PsNews (a content management system) which is older than 1.2. This version is affected by multiple cross-site scripting flaws. An attacker may exploit these to steal the cookies from legitimate users of this website.
last seen	2020-06-01
modified	2020-06-02
plugin id	14685
published	2004-09-08
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14685
title	PsNews index.php Multiple Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References