Vulnerabilities > CVE-2004-2064 - HTML Injection vulnerability in Verylost LostBook Message Entry

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
verylost
exploit available

Summary

Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.

Vulnerable Configurations

Part Description Count
Application
Verylost
1

Exploit-Db

descriptionVerylost LostBook 1.1 Message Entry HTML Injection Vulnerability. CVE-2004-2064. Webapps exploit for php platform
idEDB-ID:24333
last seen2016-02-02
modified2004-07-29
published2004-07-29
reporterJoseph Moniz
sourcehttps://www.exploit-db.com/download/24333/
titleVerylost LostBook 1.1 Message Entry HTML Injection Vulnerability