Vulnerabilities > CVE-2004-2199 - Remote vulnerability in Duware Duclassified 4.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | DUWARE_MULTIPLE_FLAWS.NASL |
description | The remote host is running a product published by DUware - either DUclassmate, DUclassified or DUforum. There is a flaw in the remote version of this software that could allow an attacker to execute arbitrary SQL statements on the remote host by supplying malformed values to the arguments of /admin/, messages.asp or messagesDetails.asp. In addition, DUclassified contains a cross-site scripting vulnerability in Message Text handling. DUclassmate contains an unauthorized password manipulation issue in account.asp. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15453 |
published | 2004-10-11 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15453 |
title | DUware Products Multiple Remote Vulnerabilities (SQLi, XSS) |
code |
|