CVE-2004-0271

Published: 23/11/2004 Updated: 11/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote malicious users to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
maxwebportal maxwebportal 1.30
maxwebportal maxwebportal 1.31

source: wwwsecurityfocuscom/bid/9625/info It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input The specific issues include cross-site scripting, HTML injection and SQL injection MaxWebPortal versions prior to 132 have been reported to be prone to these ...

source: wwwsecurityfocuscom/bid/9625/info It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input The specific issues include cross-site scripting, HTML injection and SQL injection MaxWebPortal versions prior to 132 have been reported to be prone to thes ...

NVD-CWE-Other http://www.securityfocus.com/bid/9625 http://marc.info/?l=bugtraq&m=107643014606515&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15122 https://exchange.xforce.ibmcloud.com/vulnerabilities/15120 https://nvd.nist.gov https://www.exploit-db.com/exploits/23676/

CVE-2004-0271

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect