Vulnerability Description
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Web Page Generator | 01_00 |
| Hitachi | Web Page Generator Enterprise | 03_00 |
References
- http://secunia.com/advisories/12150Vendor Advisory
- http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.htmlVendor Advisory
- http://www.osvdb.org/8264
- http://www.securityfocus.com/bid/10818
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16822
- http://secunia.com/advisories/12150Vendor Advisory
- http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.htmlVendor Advisory
- http://www.osvdb.org/8264
- http://www.securityfocus.com/bid/10818
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16822
FAQ
What is CVE-2004-2497?
CVE-2004-2497 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is ...
How severe is CVE-2004-2497?
CVE-2004-2497 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2497?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Web Page Generator, Hitachi Web Page Generator Enterprise.