Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgedview | Phpgedview | <= 2.65 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=107394912715478&w=2
- http://secunia.com/advisories/26628Vendor Advisory
- http://securitytracker.com/id?1018613
- http://www.osvdb.org/3473
- http://www.osvdb.org/3474
- http://www.osvdb.org/3475
- http://www.osvdb.org/3476
- http://www.osvdb.org/3477
- http://www.osvdb.org/3478
- http://www.osvdb.org/3479
- http://www.securityfocus.com/archive/1/477881/100/0/threaded
- http://www.securityfocus.com/bid/11868
- http://www.securityfocus.com/bid/11880
- http://www.securityfocus.com/bid/11882
- http://www.securityfocus.com/bid/11888
FAQ
What is CVE-2004-0067?
CVE-2004-0067 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, ...
How severe is CVE-2004-0067?
CVE-2004-0067 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0067?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgedview Phpgedview.