Vulnerabilities > CVE-2004-2670 - Cross-Site Scripting vulnerability in Endonesia 8.3

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
endonesia
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-29

Summary

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.

Vulnerable Configurations

Part Description Count
Application
Endonesia
1

Exploit-Db

descriptioneNdonesia 8.3 Search Form Cross-Site Scripting Vulnerability. CVE-2004-2670. Webapps exploit for php platform
idEDB-ID:24348
last seen2016-02-02
modified2004-08-04
published2004-08-04
reporterAhmad Muammar
sourcehttps://www.exploit-db.com/download/24348/
titleeNdonesia 8.3 - Search Form Cross-Site Scripting Vulnerability

References