Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xperience | Sandsurfer | 1.6.2 |
References
- http://secunia.com/advisories/11028PatchVendor Advisory
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132Patch
- http://www.securityfocus.com/bid/9801Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377
- http://secunia.com/advisories/11028PatchVendor Advisory
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132Patch
- http://www.securityfocus.com/bid/9801Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377
FAQ
What is CVE-2004-2550?
CVE-2004-2550 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a t...
How severe is CVE-2004-2550?
CVE-2004-2550 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2550?
Check the references section above for vendor advisories and patch information. Affected products include: Xperience Sandsurfer.