Vulnerability Description
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mambo | Mambo Open Source | 4.6 |
References
- http://www.securityfocus.com/bid/9588Exploit
- http://www.systemsecure.org/advisories/ssadvisory06022004.phpExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15062
- http://www.securityfocus.com/bid/9588Exploit
- http://www.systemsecure.org/advisories/ssadvisory06022004.phpExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15062
FAQ
What is CVE-2004-2072?
CVE-2004-2072 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
How severe is CVE-2004-2072?
CVE-2004-2072 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2072?
Check the references section above for vendor advisories and patch information. Affected products include: Mambo Mambo Open Source.