Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2084

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2084
Last Modified 05 Sep 2008 04:43:09
Published 07 Feb 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2084

Summary

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

Vulnerable Systems

Application

  • Jshop E-commerce Jshop Professional 3.0

  • Jshop E-commerce Jshop Professional 3.1

  • Jshop E-commerce Jshop Professional 3.2

  • Jshop E-commerce Jshop Professional 3.3

  • Jshop E-commerce Jshop Professional 3.4

  • Jshop E-commerce Jshop Server 1.0.1

  • Jshop E-commerce Jshop Server 1.0.2

  • Jshop E-commerce Jshop Server 1.0.3

  • Jshop E-commerce Jshop Server 1.0.4

  • Jshop E-commerce Jshop Server 1.1.0

  • Jshop E-commerce Jshop Server 1.2.0


References

XF - jshop-searchphp-xss(15100)

OSVDB - 3889

MISC - http://www.systemsecure.org/advisories/ssadvisory09022004.php

BID - 9609

SECTRACK - 1008988

SECUNIA - 10825


Last Updated: 27 May 2016 10:39:20