Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aztek Forum | Aztek Forum | 4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/13202Vendor Advisory
- http://securitytracker.com/id?1012213Exploit
- http://www.osvdb.org/11704
- http://www.osvdb.org/11705
- http://www.osvdb.org/11706
- http://www.securityfocus.com/bid/11654Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18057
- http://secunia.com/advisories/13202Vendor Advisory
- http://securitytracker.com/id?1012213Exploit
- http://www.osvdb.org/11704
- http://www.osvdb.org/11705
- http://www.osvdb.org/11706
- http://www.securityfocus.com/bid/11654Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18057
FAQ
What is CVE-2004-2725?
CVE-2004-2725 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email param...
How severe is CVE-2004-2725?
CVE-2004-2725 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2725?
Check the references section above for vendor advisories and patch information. Affected products include: Aztek Forum Aztek Forum.