Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source Development Network | Slashcode | <= r_2_5_0_41 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0170.htmlVendor Advisory
- http://secunia.com/advisories/13491PatchVendor Advisory
- http://www.osvdb.org/21874ExploitPatch
- http://www.osvdb.org/21875ExploitPatch
- http://www.securityfocus.com/bid/11993Patch
- http://www.slashcode.com/slash/04/12/20/1946225.shtml?tid=11&tid=5&tid=4PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18508
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0170.htmlVendor Advisory
- http://secunia.com/advisories/13491PatchVendor Advisory
- http://www.osvdb.org/21874ExploitPatch
- http://www.osvdb.org/21875ExploitPatch
- http://www.securityfocus.com/bid/11993Patch
- http://www.slashcode.com/slash/04/12/20/1946225.shtml?tid=11&tid=5&tid=4PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18508
FAQ
What is CVE-2004-2656?
CVE-2004-2656 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or ...
How severe is CVE-2004-2656?
CVE-2004-2656 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2656?
Check the references section above for vendor advisories and patch information. Affected products include: Open Source Development Network Slashcode.