Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-2261

Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.

Published

2004-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	e107	e107	0.545	No
Application	e107	e107	0.554	No
Application	e107	e107	0.555_beta	No
Application	e107	e107	0.603	No
Application	e107	e107	0.610	No
Application	e107	e107	0.611	No
Application	e107	e107	0.612	No
Application	e107	e107	0.613	No
Application	e107	e107	0.614	No

References

http://secunia.com/advisories/11567 Patch, Vendor Advisory ([email protected])
http://securitytracker.com/id?1010084 ([email protected])
http://www.osvdb.org/5982 Patch ([email protected])
http://www.securityfocus.com/bid/10293 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/16087 ([email protected])
http://secunia.com/advisories/11567 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1010084 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/5982 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/10293 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16087 (af854a3a-2127-422b-91ae-364da2661108)