Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1735Cross-site Scripting in Sympa

5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
3.9%
top 11.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SympaDebian Sympa
Timeline
PublishedAug 21
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/sympa< sympa 4.1.5-4 (bookworm)
Debiansympa/sympa< 4.1.5-4+3
NVDsympa/sympa4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-jj5f-c84c-p5jc: Cross-site scripting (XSS) vulnerability in the create list option in Sympa 42022-04-29
OSV
CVE-2004-1735: Cross-site scripting (XSS) vulnerability in the create list option in Sympa 42004-08-21

💥Exploits & PoCs

1
Exploit-DB
Sympa 4.x - New List HTML Injection2004-08-21

📋Vendor Advisories

1
Debian
CVE-2004-1735: sympa - Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1....2004
CVE-2004-1735 — Cross-site Scripting in Debian Sympa | cvebase