CVE-2004-1844
published 2004-12-31CVE-2004-1844: Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.77%
75.3th percentile
Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Expinion.net Member Management System 2.1 - 'error.asp?err' Cross-Site Scripting
exploitdb·2004-03-20
CVE-2004-1844 Expinion.net Member Management System 2.1 - 'error.asp?err' Cross-Site Scripting
Expinion.net Member Management System 2.1 - 'error.asp?err' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/9932/info
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.
http://www.example.com/error.asp?err=">[XSS]
Exploit-DB
Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting
exploitdb·2004-03-20
CVE-2004-1844 Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting
Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/9932/info
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.
In the register form: ">
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107999697625786&w=2http://secunia.com/advisories/11179http://securitytracker.com/id?1009508http://www.securityfocus.com/bid/9932https://exchange.xforce.ibmcloud.com/vulnerabilities/15552http://marc.info/?l=bugtraq&m=107999697625786&w=2http://secunia.com/advisories/11179http://securitytracker.com/id?1009508http://www.securityfocus.com/bid/9932https://exchange.xforce.ibmcloud.com/vulnerabilities/15552
2004-12-31
Published