4.3
CVE-2004-0067
- EPSS 3.15%
- Veröffentlicht 17.02.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpgedview ≫ Phpgedview Version <= 2.65
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.15% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://marc.info/?l=bugtraq&m=107394912715478&w=2
http://secunia.com/advisories/26628
http://securitytracker.com/id?1018613
http://www.osvdb.org/3473
http://www.osvdb.org/3474
http://www.osvdb.org/3475
http://www.osvdb.org/3476
http://www.osvdb.org/3477
http://www.osvdb.org/3478
http://www.osvdb.org/3479
http://www.securityfocus.com/archive/1/477881/100/0/threaded
http://www.securityfocus.com/bid/11868
http://www.securityfocus.com/bid/11880
http://www.securityfocus.com/bid/11882
http://www.securityfocus.com/bid/11888
http://www.securityfocus.com/bid/11890
http://www.securityfocus.com/bid/11891
http://www.securityfocus.com/bid/11894
http://www.securityfocus.com/bid/11903
http://www.securityfocus.com/bid/11904
http://www.securityfocus.com/bid/11905
http://www.securityfocus.com/bid/11906
http://www.securityfocus.com/bid/11907
http://www.vupen.com/english/advisories/2007/2995
https://exchange.xforce.ibmcloud.com/vulnerabilities/14212
https://exchange.xforce.ibmcloud.com/vulnerabilities/36285