CVE-2004-2363

Published: 31/12/2004 Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 up to and including 3.2.6 allows remote malicious users to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.
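The check-then-decode ordering named in the summary, next to the corrected decode-then-check ordering, as an added PHP illustration. This is not PHPX's checkURI code; the function names and sample inputs are constructed for the example.

```php
<?php
// Added illustration of validate-before-canonicalize. Not PHPX source;
// all function names and sample values here are hypothetical.

const BLOCKED = '<>()';   // the literal characters the summary says were checked

// Weak order: test the raw value for literal characters, decode afterwards.
function check_then_decode(string $raw): ?string
{
    if (strpbrk($raw, BLOCKED) !== false) {
        return null;                       // literal character found: rejected
    }
    return rawurldecode($raw);             // canonical form is never inspected
}

// Corrected order: decode until the value stops changing, then validate.
function decode_then_check(string $raw, int $maxRounds = 5): ?string
{
    $value = $raw;
    for ($i = 0; $i < $maxRounds && ($next = rawurldecode($value)) !== $value; $i++) {
        $value = $next;
    }
    if (rawurldecode($value) !== $value) {
        return null;                       // still encoded after the cap: reject
    }
    return strpbrk($value, BLOCKED) === false ? $value : null;
}

// Independent of the input check, encode on output so markup stays inert.
function render(?string $value): string
{
    return $value === null ? '(rejected)' : htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed samples: plain value, literal tag, hex-encoded tag, double-encoded tag.
$samples = ['25', '<b>x</b>', '%3Cb%3Ex%3C%2Fb%3E', '%253Cb%253E'];

foreach ($samples as $s) {
    printf("%-20s weak=%-28s fixed=%s\n",
        $s, render(check_then_decode($s)), render(decode_then_check($s)));
}
```

The weak function rejects only the sample containing literal characters; the hex-encoded samples pass its check and are decoded afterwards, which is the ordering flaw the summary describes.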

Vulnerable Product

phpx phpx 3.2.4

phpx phpx 3.2.5

phpx phpx 3.1.0

phpx phpx 3.1.2

phpx phpx 3.0.4

phpx phpx 3.0.0

phpx phpx 3.1.4

phpx phpx 3.0.2

phpx phpx 3.0.1

phpx phpx 3.0.6

phpx phpx 3.2.0

phpx phpx 3.1.3

phpx phpx 3.2.2

phpx phpx 3.0.7

phpx phpx 3.1.1

phpx phpx 3.2.6

phpx phpx 3.2.3

phpx phpx 3.0.5

phpx phpx 3.2.1

phpx phpx 3.0.3

Exploits

source: www.securityfocus.com/bid/10283/info

It has been reported that PHPX is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML an ...