Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0358

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0358
Last Modified 05 Sep 2008 04:38:13
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0358

Summary

Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.

Vulnerable Systems

Application

  • Virtuasystems Virtuanews Pro 1.0

  • Virtuasystems Virtuanews Pro 1.0.1

  • Virtuasystems Virtuanews Pro 1.0.2

  • Virtuasystems Virtuanews Pro 1.0.3


References

XF - virtuanews-multiple-xss(15402)

BID - 9819

BID - 9812

BUGTRAQ - 20040305 VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity

BUGTRAQ - 20040307 RE: VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity


Last Updated: 27 May 2016 10:38:34