Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2004-2085
Last Modified: 05 Sep 2008 04:43:09
Published: 04 Feb 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2004-2085

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.

Vulnerable Systems

Application

  • Brad Fears phpCodeCabinet 0.1
  • Brad Fears phpCodeCabinet 0.2
  • Brad Fears phpCodeCabinet 0.3
  • Brad Fears phpCodeCabinet 0.4


References

XF - phpcodecabinet-multiple-xss(15190)

BID - 9645

BID - 9601

OSVDB - 3887

OSVDB - 3886

OSVDB - 3885

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=214860

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6

OSVDB - 16711

OSVDB - 16710

SECTRACK - 1009012

SECUNIA - 10862


Last Updated: 27 May 2016 10:39:20