CVE-2004-1845
Published 2004-12-31
Priority: P4 · 18 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.16% (79.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| expinion.net | news_manager_lite | — | — |
No detection rules found.
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'search.asp' Cross-Site Scripting
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks.
The issues exist in the 'comment_add.asp', 'search.asp', 'category_news_headline.asp', 'more.asp', 'category_news.asp', and 'ews_sort.asp' scripts. Furthermore, a cookie account hijacking issue was also discovered in the application that may allow a remote attacker to gain administrative access to the application's administrative interface.
News Manager Lite 2.5 is reported to be affected by these issues; however, other versions may be affected as well.
http://www.example.com/search.asp?search
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'category_news_headline.asp' Cross-Site Scripting
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
http://www.example.com/c
Exploit-DB
Expinion.net News Manager Lite 2.5 - 'comment_add.asp' Cross-Site Scripting
exploitdb·2004-03-20
---
source: https://www.securityfocus.com/bid/9935/info
http://www.example.com/comment_add.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107999733503496&w=2
http://secunia.com/advisories/11180
http://securitytracker.com/id?1009507
http://www.osvdb.org/4492
http://www.osvdb.org/4493
http://www.osvdb.org/4494
http://www.securityfocus.com/bid/9935
https://exchange.xforce.ibmcloud.com/vulnerabilities/15548
Published: 2004-12-31