CVE-2004-2550

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.

Ссылки

http://secunia.com/advisories/11028
Patch
Vendor Advisory
http://sourceforge.net/forum/forum.php?forum_id=356882
http://www.osvdb.org/4132
Patch
http://www.securityfocus.com/bid/9801
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/15377
http://secunia.com/advisories/11028
Patch
Vendor Advisory
http://sourceforge.net/forum/forum.php?forum_id=356882
http://www.osvdb.org/4132
Patch
http://www.securityfocus.com/bid/9801
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/15377

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xperience:sandsurfer:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:xperience:sandsurfer:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:xperience:sandsurfer:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:xperience:sandsurfer:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:xperience:sandsurfer:1.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00427

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mhfj-c75x-2vfv

github

почти 4 года назад