Published: 01/09/2004 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpwebsite phpwebsite 0.7.3
phpwebsite phpwebsite 0.9.3
phpwebsite phpwebsite 0.9.3.4
phpwebsite phpwebsite 0.8.2
phpwebsite phpwebsite 0.8.3

source: wwwsecurityfocuscom/bid/11088/info It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities The cross-site scripting issue is present in a parameter of the comments module script An attacker can exploit these issues by creating a malicious link to the vulne ...

NVD-CWE-Other http://www.gulftech.org/?node=research&article_id=00048-08312004 http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=822 http://www.securityfocus.com/bid/11088 http://secunia.com/advisories/12438 http://securitytracker.com/id?1011120 http://marc.info/?l=bugtraq&m=109413493005513&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17203 https://exchange.xforce.ibmcloud.com/vulnerabilities/17202 https://nvd.nist.gov https://www.exploit-db.com/exploits/24425/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1655

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect