Vulnerability Description
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwebsite | Phpwebsite | 0.7.3 |
References
- http://marc.info/?l=bugtraq&m=109413493005513&w=2
- http://secunia.com/advisories/12438ExploitPatchVendor Advisory
- http://securitytracker.com/id?1011120
- http://www.gulftech.org/?node=research&article_id=00048-08312004ExploitPatchVendor Advisory
- http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11088ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17203
- http://marc.info/?l=bugtraq&m=109413493005513&w=2
- http://secunia.com/advisories/12438ExploitPatchVendor Advisory
- http://securitytracker.com/id?1011120
- http://www.gulftech.org/?node=research&article_id=00048-08312004ExploitPatchVendor Advisory
- http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/11088ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17202
FAQ
What is CVE-2004-1655?
CVE-2004-1655 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the...
How severe is CVE-2004-1655?
CVE-2004-1655 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1655?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwebsite Phpwebsite.