Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Endonesia | Endonesia | 8.3 |
References
- http://echo.or.id/adv/adv02-y3dips-2004.txtExploitVendor Advisory
- http://secunia.com/advisories/12231Vendor Advisory
- http://securitytracker.com/id?1010864Vendor Advisory
- http://www.securityfocus.com/archive/1/370855ExploitVendor Advisory
- http://www.securityfocus.com/bid/10856ExploitVendor Advisory
- http://www.securityfocus.com/bid/8506ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13041
- http://echo.or.id/adv/adv02-y3dips-2004.txtExploitVendor Advisory
- http://secunia.com/advisories/12231Vendor Advisory
- http://securitytracker.com/id?1010864Vendor Advisory
- http://www.securityfocus.com/archive/1/370855ExploitVendor Advisory
- http://www.securityfocus.com/bid/10856ExploitVendor Advisory
- http://www.securityfocus.com/bid/8506ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13041
FAQ
What is CVE-2004-2670?
CVE-2004-2670 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) th...
How severe is CVE-2004-2670?
CVE-2004-2670 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2670?
Check the references section above for vendor advisories and patch information. Affected products include: Endonesia Endonesia.