Vulnerabilities > CVE-2004-1837 - HTML Injection vulnerability in Joel Palmius Mod_Survey Survey Input Field

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

joel-palmius

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.

Vulnerable Configurations

Part	Description	Count
Application	Joel_Palmius Joel Palmius MOD Survey 3.0.0 Joel Palmius MOD Survey 3.0.1 Joel Palmius MOD Survey 3.0.2 Joel Palmius MOD Survey 3.0.3 Joel Palmius MOD Survey 3.0.4 Joel Palmius MOD Survey 3.0.5 Joel Palmius MOD Survey 3.0.6 Joel Palmius MOD Survey 3.0.9 Joel Palmius MOD Survey 3.0.10 Joel Palmius MOD Survey 3.0.11 Joel Palmius MOD Survey 3.0.12 Joel Palmius MOD Survey 3.0.13 Joel Palmius MOD Survey 3.0.14 Joel Palmius MOD Survey 3.0.14D Joel Palmius MOD Survey 3.0.14E Joel Palmius MOD Survey 3.0.15 Joel Palmius MOD Survey 3.0.15_Pre1 Joel Palmius MOD Survey 3.0.15_Pre2 Joel Palmius MOD Survey 3.0.15_Pre3 Joel Palmius MOD Survey 3.0.15_Pre4 Joel Palmius MOD Survey 3.0.15_Pre5 Joel Palmius MOD Survey 3.0.15_Pre6 Joel Palmius MOD Survey 3.0.16_Pre1 Joel Palmius MOD Survey 3.2.0_Pre1 Joel Palmius MOD Survey 3.2.0_Pre2 Joel Palmius MOD Survey 3.2.0_Pre3	26

Summary

Vulnerable Configurations

References