4.3
CVE-2004-2656
- EPSS 1.41%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open Source Development Network ≫ Slashcode Version <= r_2_5_0_41
Open Source Development Network ≫ Slashcode Version2.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.41% | 0.691 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://archives.neohapsis.com/archives/bugtraq/2004-12/0170.html
http://secunia.com/advisories/13491
http://www.osvdb.org/21874
http://www.osvdb.org/21875
http://www.securityfocus.com/bid/11993
http://www.slashcode.com/slash/04/12/20/1946225.shtml?tid=11&tid=5&tid=4
https://exchange.xforce.ibmcloud.com/vulnerabilities/18508