CVE-2004-1645
published 2004-08-30
Priority: P422 | medium | 4.3 | CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.65% (88.2th percentile)
Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jerod_moemeka | xedus | — | — |
No detection rules found.
Exploit-DB
Xedus Web Server 1.0 - test.x 'Username' Cross-Site Scripting
exploitdb·2004-09-30
---
source: https://www.securityfocus.com/bid/11071/info
It is reported that Xedus is susceptible to multiple vulnerabilities.
The first reported issue is a denial of service vulnerability. The affected application is unable to service multiple simultaneous connections, denying access to the hosted site for legitimate users.
The second reported issue is a cross-site scripting vulnerability in included sample scripts. This vulnerability is due to a failure of the application to properly sanitize user-supplied URI input before including it in the output of the scripts.
The third reported issue is a directory traversal vulnerability. The affected application will reportedly serve documents located outside of the configured we
Exploit-DB
Xedus Web Server 1.0 - testgetrequest.x 'Username' Cross-Site Scripting
exploitdb·2004-09-30
---
source: https://www.securityfocus.com/bid/11071/info
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=109394018411394&w=2
http://secunia.com/advisories/12418
http://www.gulftech.org/?node=research&article_id=00047-08302004
http://www.securityfocus.com/bid/11071
https://exchange.xforce.ibmcloud.com/vulnerabilities/17166
2004-08-30
Published