CVE-2004-0067
published 2004-02-17CVE-2004-0067: Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1)…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.15%
86.3th percentile
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpgedview | phpgedview | <= 2.65 | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mhm2-pp6r-fp32: Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2
ghsa_unreviewed·2022-04-29
CVE-2004-0067 [MEDIUM] CWE-79 GHSA-mhm2-pp6r-fp32: Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
Red Hat
security flaw
vendor_redhat·2005-04-12·CVSS 5.0
CVE-2004-0791 [MEDIUM] security flaw
security flaw
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
No detection rules found.
Exploit-DB
PHPGedView 2.x - 'Descendancy.php' Cross-Site Scripting
exploitdb·2004-01-19
CVE-2004-0067 PHPGedView 2.x - 'Descendancy.php' Cross-Site Scripting
PHPGedView 2.x - 'Descendancy.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11868/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/descendancy.php?pid=
Exploit-DB
PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11890/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/imageview.php?filename=
Exploit-DB
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11905/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/login.php?&changelanguage=yes&NEWLANGUAGE=
Exploit-DB
PHPGedView 2.5/2.6 - 'index.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'index.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'index.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11880/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/index.php?rootid=">
Exploit-DB
PHPGedView 2.5/2.6 - 'login.php?URL' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'login.php?URL' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php?URL' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11903/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/login.php?url=/index.php?GEDCOM=">
Exploit-DB
PHPGedView 2.5/2.6 - 'Gedrecord.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Gedrecord.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Gedrecord.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11891/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/gedrecord.php?pid=
Exploit-DB
PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'login.php?Username' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11904/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/login.php?action=login&username=">
Exploit-DB
PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11906/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/relationship.php?path_to_find=">
http://www.example.com/phpgedview/relationship.php?path_
Exploit-DB
PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11882/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/individual.php?pid=">
Exploit-DB
PHPGedView 2.5/2.6 - 'Source.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Source.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Source.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11888/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/source.php?sid=
Exploit-DB
PHPGedView 2.5/2.6 - 'Gdbi_interface.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Gdbi_interface.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'Gdbi_interface.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11894/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/gdbi_interface.php?action=delete&pid=
Exploit-DB
PHPGedView 2.5/2.6 - 'Timeline.php' SQL Injection
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Timeline.php' SQL Injection
PHPGedView 2.5/2.6 - 'Timeline.php' SQL Injection
---
source: https://www.securityfocus.com/bid/11925/info
It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query.
This issue allows remote attackers to manipulate query logic. The issue could theoretically be exploited to compromise the software by performing unauthorized actions on the database, such as modifying or viewing data. SQL injection attacks may also be used to exploit latent vulnerabilities in the underlying database. This may depend on the nature of the query being manipulated as well as the capabilities of the database implementation.
This issue has been reported t
Exploit-DB
PHPGedView 2.5/2.6 - 'Placelist.php' SQL Injection
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'Placelist.php' SQL Injection
PHPGedView 2.5/2.6 - 'Placelist.php' SQL Injection
---
source: https://www.securityfocus.com/bid/11910/info
It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query.
This issue allows remote attackers to manipulate query logic, leading to unauthorized access and the disclosure of potentially sensitive information. The issue also allows the possible corruption of database data leading to a loss of integrity. SQL injection attacks may also be used to exploit latent vulnerabilities in the underlying database.
This issue has been reported to effect PhpGedView 2.65beta5 and earlier.
http://www.example.com/phpgedview/placelist.php?le
Exploit-DB
PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting
exploitdb·2004-01-12
CVE-2004-0067 PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting
PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/11907/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
http://www.example.com/phpgedview/calendar.php?action=today&day=1&month=jan&year=">
http://www.example.com/phpgedview/calendar.
http://marc.info/?l=bugtraq&m=107394912715478&w=2http://secunia.com/advisories/26628http://securitytracker.com/id?1018613http://www.osvdb.org/3473http://www.osvdb.org/3474http://www.osvdb.org/3475http://www.osvdb.org/3476http://www.osvdb.org/3477http://www.osvdb.org/3478http://www.osvdb.org/3479http://www.securityfocus.com/archive/1/477881/100/0/threadedhttp://www.securityfocus.com/bid/11868http://www.securityfocus.com/bid/11880http://www.securityfocus.com/bid/11882http://www.securityfocus.com/bid/11888http://www.securityfocus.com/bid/11890http://www.securityfocus.com/bid/11891http://www.securityfocus.com/bid/11894http://www.securityfocus.com/bid/11903http://www.securityfocus.com/bid/11904http://www.securityfocus.com/bid/11905http://www.securityfocus.com/bid/11906http://www.securityfocus.com/bid/11907http://www.vupen.com/english/advisories/2007/2995https://exchange.xforce.ibmcloud.com/vulnerabilities/14212https://exchange.xforce.ibmcloud.com/vulnerabilities/36285http://marc.info/?l=bugtraq&m=107394912715478&w=2http://secunia.com/advisories/26628http://securitytracker.com/id?1018613http://www.osvdb.org/3473http://www.osvdb.org/3474http://www.osvdb.org/3475http://www.osvdb.org/3476http://www.osvdb.org/3477http://www.osvdb.org/3478http://www.osvdb.org/3479http://www.securityfocus.com/archive/1/477881/100/0/threadedhttp://www.securityfocus.com/bid/11868http://www.securityfocus.com/bid/11880http://www.securityfocus.com/bid/11882http://www.securityfocus.com/bid/11888http://www.securityfocus.com/bid/11890http://www.securityfocus.com/bid/11891http://www.securityfocus.com/bid/11894http://www.securityfocus.com/bid/11903http://www.securityfocus.com/bid/11904http://www.securityfocus.com/bid/11905http://www.securityfocus.com/bid/11906http://www.securityfocus.com/bid/11907http://www.vupen.com/english/advisories/2007/2995https://exchange.xforce.ibmcloud.com/vulnerabilities/14212https://exchange.xforce.ibmcloud.com/vulnerabilities/36285
2004-02-17
Published