CVE-2004-1657

Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=109443321830050&w=2
http://secunia.com/advisories/12416	Exploit Patch Vendor Advisory
http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198	Vendor Advisory
http://www.securityfocus.com/bid/11086	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17174

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:newtelligence:dasblog:1.3:::::::*
	cpe:2.3:a:newtelligence:dasblog:1.4:::::::*
	cpe:2.3:a:newtelligence:dasblog:1.5:::::::*
	cpe:2.3:a:newtelligence:dasblog:1.6:::::::*

History

No history.

Information

Published : 2004-09-01 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2004-1657

Mitre link : CVE-2004-1657

CVE.ORG link : CVE-2004-1657

JSON object : View

Products Affected

newtelligence

dasblog

CWE

NVD-CWE-Other

{"id": "CVE-2004-1657", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-09-01T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109443321830050&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12416", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://staff.newtelligence.net/clemensv/PermaLink.aspx?guid=69bce168-cb09-4f09-8d53-f0b97f11b198", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11086", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17174", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers."}], "lastModified": "2017-07-11T01:31:13.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:newtelligence:dasblog:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B94BC97-9711-4141-BB3C-1AAF44CA953B"}, {"criteria": "cpe:2.3:a:newtelligence:dasblog:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04655F91-B4AD-4814-8E30-3BF6723DCC01"}, {"criteria": "cpe:2.3:a:newtelligence:dasblog:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27188BEA-9C79-4AB1-B50F-860AD5E89E78"}, {"criteria": "cpe:2.3:a:newtelligence:dasblog:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD60052-2378-4499-BF9B-38100AED8B67"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}