Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2028

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2028
Last Modified 05 Sep 2008 04:43:00
Published 21 May 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2028

Summary

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.

Vulnerable Systems

Application

  • E107 0.545

  • E107 0.554

  • E107 0.555 Beta

  • E107 0.6 10

  • E107 0.6 11

  • E107 0.6 12

  • E107 0.6 13

  • E107 0.6 14

  • E107 0.6 15

  • E107 0.6 15a

  • E107 0.603


References

XF - e107-log-xss(16231)

BID - 10395

SECUNIA - 11693

BUGTRAQ - 20040521 e107 web portal Referers HTTP Injection

OSVDB - 6345


Last Updated: 27 May 2016 10:39:18