Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1204

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2003-1204
Last Modified 05 Sep 2008 04:36:19
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1204

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.

Vulnerable Systems


References

XF - mambo-multiple-scripts-xss(11050)

BID - 6571

BUGTRAQ - 20030110 Mambo Site Server Remote Code Execution

OSVDB - 7505

OSVDB - 7504

OSVDB - 7503

OSVDB - 7502

OSVDB - 7501

OSVDB - 7500

OSVDB - 7499

OSVDB - 7498

OSVDB - 7497

OSVDB - 7496

OSVDB - 7495


Last Updated: 27 May 2016 10:38:16