Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2725

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2725
Last Modified 05 Sep 2008 04:44:56
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2725

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.

Vulnerable Systems

Application

  • Aztek Forum 4.0


References

XF - aztek-forum-xss(18057)

BID - 11654

OSVDB - 11706

OSVDB - 11705

OSVDB - 11704

SECTRACK - 1012213

SECUNIA - 13202


Last Updated: 27 May 2016 10:39:36