Vulnerability CVE-2004-0358


Published: 2004-11-23   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Virtuasystems -> Virtuanews pro 

 References:
http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
http://marc.info/?l=bugtraq&m=107851556116088&w=2
http://www.securityfocus.com/bid/9812
http://www.securityfocus.com/bid/9819
http://xforce.iss.net/xforce/xfdb/15402

Copyright 2024, cxsecurity.com

 

Back to Top