Detections
Analytics

CVE-2004-2509

medium

Description

Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18432

http://www.osvdb.org/12367

http://www.osvdb.org/12366

http://www.osvdb.org/12365

http://secunia.com/advisories/13452

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium