Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2738

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2738
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2738

Summary

Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Vulnerable Systems

Application

  • Zeroboard 4.1 Pl2

  • Zeroboard 4.1 Pl3

  • Zeroboard 4.1 Pl4


References

XF - zeroboard-checkuserid-xss(18680)

BID - 12103

OSVDB - 12582

SECTRACK - 1012677

SECUNIA - 13649

BUGTRAQ - 20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard

FULLDISC - 20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard


Last Updated: 27 May 2016 10:39:36