Vulnerabilities > CVE-2004-1735 - HTML Injection vulnerability in Sympa New List
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | Sympa 4.x New List HTML Injection Vulnerability. CVE-2004-1735. Webapps exploit for php platform |
id | EDB-ID:24389 |
last seen | 2016-02-02 |
modified | 2004-08-21 |
published | 2004-08-21 |
reporter | Jose Antonio |
source | https://www.exploit-db.com/download/24389/ |
title | Sympa 4.x New List HTML Injection Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | SYMPA_NEW_LIST_XSS.NASL |
description | According to its version number, the installation of Sympa on the remote host contains an HTML injection vulnerability that may allow a user who has the privileges to create a new list to inject HTML tags in the list description field. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14323 |
published | 2004-08-22 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14323 |
title | Sympa New List Creation Description Field XSS |
code |
|