Vulnerability CVE-2004-2492


Published: 2004-12-31   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.

Vendor: Hitachi
Product: Groupmax world wide web desktop 
Version:
06_52_b
06_52
06_51_c
06_51_b
06_51
06_50_c
06_50_b
06_00
05_11_j
05_11_i
05_11_f
05_00

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.osvdb.org/12154
http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html
http://xforce.iss.net/xforce/xfdb/18277
http://www.securityfocus.com/bid/11773
http://secunia.com/advisories/13321

Related CVE
CVE-2018-14735
An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message.
CVE-2017-9298
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVE-2017-9294
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2017-9295
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2017-9296
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
CVE-2017-9297
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
CVE-2015-1565
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used ...
CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unsp...

Copyright 2019, cxsecurity.com

 

Back to Top