Vulnerability CVE-2004-0067
Published: 2004-02-17   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Phpgedview -> Phpgedview 

 References:
http://marc.info/?l=bugtraq&m=107394912715478&w=2
http://securitytracker.com/id?1018613
http://www.securityfocus.com/archive/1/477881/100/0/threaded
http://www.securityfocus.com/bid/11868
http://www.securityfocus.com/bid/11880
http://www.securityfocus.com/bid/11882
http://www.securityfocus.com/bid/11888
http://www.securityfocus.com/bid/11890
http://www.securityfocus.com/bid/11891
http://www.securityfocus.com/bid/11894
http://www.securityfocus.com/bid/11903
http://www.securityfocus.com/bid/11904
http://www.securityfocus.com/bid/11905
http://www.securityfocus.com/bid/11906
http://www.securityfocus.com/bid/11907
http://www.vupen.com/english/advisories/2007/2995
https://exchange.xforce.ibmcloud.com/vulnerabilities/14212
https://exchange.xforce.ibmcloud.com/vulnerabilities/36285
Copyright 2024, cxsecurity.com

 

Back to Top