Vulnerabilities > CVE-2004-1845 - Multiple vulnerability in Expinion.Net News Manager Lite 2.5

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
expinion-net
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

Vulnerable Configurations

Part Description Count
Application
Expinion.Net
1

Exploit-Db

  • descriptionExpinion.net News Manager Lite 2.5 category_news_headline.asp XSS. CVE-2004-1845. Webapps exploit for asp platform
    idEDB-ID:23859
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23859/
    titleExpinion.net News Manager Lite 2.5 category_news_headline.asp XSS
  • descriptionExpinion.net News Manager Lite 2.5 search.asp XSS. CVE-2004-1845. Webapps exploit for asp platform
    idEDB-ID:23858
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23858/
    titleExpinion.net News Manager Lite 2.5 - search.asp XSS
  • descriptionExpinion.net News Manager Lite 2.5 comment_add.asp XSS. CVE-2004-1845. Webapps exploit for asp platform
    idEDB-ID:23857
    last seen2016-02-02
    modified2004-03-20
    published2004-03-20
    reporterManuel Lopez
    sourcehttps://www.exploit-db.com/download/23857/
    titleExpinion.net News Manager Lite 2.5 comment_add.asp XSS