CVE-2004-1657

Опубликовано: 01 сент. 2004

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.

Ссылки

http://marc.info/?l=bugtraq&m=109443321830050&w=2
http://secunia.com/advisories/12416
Exploit
Patch
Vendor Advisory
http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198
Vendor Advisory
http://www.securityfocus.com/bid/11086
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17174
http://marc.info/?l=bugtraq&m=109443321830050&w=2
http://secunia.com/advisories/12416
Exploit
Patch
Vendor Advisory
http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198
Vendor Advisory
http://www.securityfocus.com/bid/11086
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17174

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:newtelligence:dasblog:1.3:*:*:*:*:*:*:*

cpe:2.3:a:newtelligence:dasblog:1.4:*:*:*:*:*:*:*

cpe:2.3:a:newtelligence:dasblog:1.5:*:*:*:*:*:*:*

cpe:2.3:a:newtelligence:dasblog:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00823

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-j37c-fr9j-g7mj

github

почти 4 года назад