[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0067Date: (C)2004-02-17   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018613
BID-11868
BID-11880
BID-11882
BID-11888
BID-11890
BID-11891
BID-11894
BID-11903
BID-11904
BID-11905
BID-11906
BID-11907
http://marc.info/?l=bugtraq&m=107394912715478&w=2
http://www.securityfocus.com/archive/1/477881/100/0/threaded
SECUNIA-26628
OSVDB-3473
OSVDB-3474
OSVDB-3475
OSVDB-3476
OSVDB-3477
OSVDB-3478
OSVDB-3479
ADV-2007-2995
phpgedview-login-xss(36285)
phpgedview-multiple-xss(14212)

CWE    1
CWE-79

© SecPod Technologies