Vulnerabilities > CVE-2004-1954 - Multiple vulnerability in PHProfession 2.5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

phprofession

exploit available

NVD

Published: 2004-04-21

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.

Vulnerable Configurations

Part	Description	Count
Application	Phprofession Phprofession Phprofession 2.5	1

Exploit-Db

description	phProfession 2.5 modules.php jcode Parameter XSS. CVE-2004-1954. Webapps exploit for php platform
id	EDB-ID:24036
last seen	2016-02-02
modified	2004-04-23
published	2004-04-23
reporter	Janek Vind
source	https://www.exploit-db.com/download/24036/
title	phProfession 2.5 modules.php jcode Parameter XSS

References

http://marc.info/?l=bugtraq&m=108258931430060&w=2
http://secunia.com/advisories/11465
http://www.osvdb.org/5624
http://www.securityfocus.com/bid/10190
http://www.waraxe.us/index.php?modname=sa&id=21
https://exchange.xforce.ibmcloud.com/vulnerabilities/15931