Vulnerabilities > CVE-2004-2511 - Unspecified vulnerability in Codeworx Technologies Dcp-Portal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
Vulnerable Configurations
Exploit-Db
description DCP-Portal 3.7/4.x/5.x news.php cid Parameter XSS. CVE-2004-2511. Webapps exploit for php platform id EDB-ID:24662 last seen 2016-02-02 modified 2004-10-06 published 2004-10-06 reporter Alexander Antipov source https://www.exploit-db.com/download/24662/ title DCP-Portal 3.7/4.x/5.x news.php cid Parameter XSS description DCP-Portal 3.7/4.x/5.x announcement.php cid Parameter XSS. CVE-2004-2511. Webapps exploit for php platform id EDB-ID:24661 last seen 2016-02-02 modified 2004-10-06 published 2004-10-06 reporter Alexander Antipov source https://www.exploit-db.com/download/24661/ title DCP-Portal 3.7/4.x/5.x announcement.php cid Parameter XSS description DCP-Portal 3.7/4.x/5.x calendar.php Multiple Parameter XSS. CVE-2004-2511. Webapps exploit for php platform id EDB-ID:24659 last seen 2016-02-02 modified 2004-10-06 published 2004-10-06 reporter Alexander Antipov source https://www.exploit-db.com/download/24659/ title DCP-Portal 3.7/4.x/5.x calendar.php Multiple Parameter XSS
Nessus
NASL family | CGI abuses : XSS |
NASL id | DCP_PORTAL_XSS.NASL |
description | The version of DCP-Portal installed on the remote host fails to sanitize input to the script |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11446 |
published | 2003-03-23 |
reporter | This script is Copyright (C) 2003-2018 k-otik.com & Copyright (C) 2004-2014 David Maciejak |
source | https://www.tenable.com/plugins/nessus/11446 |
title | DCP-Portal Multiple Script XSS |
code |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
- http://secunia.com/advisories/12751
- http://secunia.com/advisories/12751
- http://securitytracker.com/id?1006351
- http://securitytracker.com/id?1006351
- http://www.osvdb.org/10585
- http://www.osvdb.org/10585
- http://www.osvdb.org/10587
- http://www.osvdb.org/10587
- http://www.osvdb.org/10588
- http://www.osvdb.org/10588
- http://www.osvdb.org/10589
- http://www.osvdb.org/10589
- http://www.osvdb.org/10590
- http://www.osvdb.org/10590
- http://www.osvdb.org/11405
- http://www.osvdb.org/11405
- http://www.securityfocus.com/bid/11338
- http://www.securityfocus.com/bid/11338
- http://www.securityfocus.com/bid/11339
- http://www.securityfocus.com/bid/11339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17639