Vulnerabilities > CVE-2004-2514 - Unspecified vulnerability in Powerportal 1.1B/1.3/1.3B

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
powerportal
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.

Vulnerable Configurations

Part Description Count
Application
Powerportal
3

Exploit-Db

descriptionPowerPortal 1.1/1.3 Private Message HTML Injection Vulnerability. CVE-2004-2514. Webapps exploit for php platform
idEDB-ID:24340
last seen2016-02-02
modified2004-07-30
published2004-07-30
reportervampz
sourcehttps://www.exploit-db.com/download/24340/
titlePowerPortal 1.1/1.3 - Private Message HTML Injection Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idPOWERPORTAL_PRIVMSG_HTML_INJECTION.NASL
descriptionThe remote host is using PowerPortal, a content management system, written in PHP. A vulnerability exists in the remote version of this product that may allow a remote attacker to inject arbitrary HTML tags in when sending a private message to a victim user of the remote portal. An attacker may exploit this flaw to steal the credentials of another user on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id14178
published2004-08-01
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14178
titlePowerPortal modules/private_messages/index.php Multiple Parameter XSS

References