Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-2497

Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Published

2004-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application hitachi web_page_generator 01_00 Yes
Application hitachi web_page_generator 01_01_c Yes
Application hitachi web_page_generator 02_00 Yes
Application hitachi web_page_generator 02_00_c Yes
Application hitachi web_page_generator_enterprise 03_00 Yes
Application hitachi web_page_generator_enterprise 03_02_c Yes
Application hitachi web_page_generator_enterprise 03_03 Yes
Application hitachi web_page_generator_enterprise 03_03_c Yes
Application hitachi web_page_generator_enterprise 03_03_d Yes
Application hitachi web_page_generator_enterprise 04_00 Yes
Application hitachi web_page_generator_enterprise 04_00_c Yes
Application hitachi web_page_generator_enterprise 04_01 Yes
Application hitachi web_page_generator_enterprise 04_01_b Yes
References