Vulnerability Description
Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snitz Communications | Snitz Forums 2000 | <= 3.4.04 |
Related Weaknesses (CWE)
References
- http://forum.snitz.com/forum/topic.asp?TOPIC_ID=53360
- http://secunia.com/advisories/11895Vendor Advisory
- http://securityreason.com/securityalert/3200
- http://securitytracker.com/id?1010524Patch
- http://www.osvdb.org/7190
- http://www.sec-tec.co.uk/vulnerability/snitzxss.html
- http://www.securityfocus.com/archive/1/366309Exploit
- http://www.securityfocus.com/bid/10564Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16444
- http://forum.snitz.com/forum/topic.asp?TOPIC_ID=53360
- http://secunia.com/advisories/11895Vendor Advisory
- http://securityreason.com/securityalert/3200
- http://securitytracker.com/id?1010524Patch
- http://www.osvdb.org/7190
- http://www.sec-tec.co.uk/vulnerability/snitzxss.html
FAQ
What is CVE-2004-2720?
CVE-2004-2720 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email param...
How severe is CVE-2004-2720?
CVE-2004-2720 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2720?
Check the references section above for vendor advisories and patch information. Affected products include: Snitz Communications Snitz Forums 2000.