Vulnerabilities > CVE-2004-2072 - Cross-Site Scripting vulnerability in Mambo Open Source 4.6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Mambo Open Source 4.6 Itemid Parameter Cross-Site Scripting Vulnerability. CVE-2004-2072. Webapps exploit for php platform |
id | EDB-ID:23657 |
last seen | 2016-02-02 |
modified | 2004-02-05 |
published | 2004-02-05 |
reporter | David Sopas Ferreira |
source | https://www.exploit-db.com/download/23657/ |
title | Mambo Open Source 4.6 Itemid Parameter Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | MAMBO_XSS2.NASL |
description | An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12045 |
published | 2004-02-06 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12045 |
title | Mambo Site Server itemid Parameter XSS |
code |
|