CVE-2004-0271

Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0271
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
maxwebportal / maxwebportal	1.30	1.30.x
maxwebportal / maxwebportal	1.31	1.31.x

http://marc.info/?l=bugtraq&m=107643014606515&w=2
http://www.securityfocus.com/bid/9625
https://exchange.xforce.ibmcloud.com/vulnerabilities/15120
https://exchange.xforce.ibmcloud.com/vulnerabilities/15122

Vulnerability Database

290,020

CVE-2004-0271