CVE-2004-1410

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1410
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gadu-gadu / gadu-gadu_instant_messenger	6.0_build150	6.0_build150.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build155	6.0_build155.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build153	6.0_build153.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build152	6.0_build152.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build149	6.0_build149.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build151	6.0_build151.x
gadu-gadu / gadu-gadu_instant_messenger	6.0_build154	6.0_build154.x

http://marc.info/?l=bugtraq&m=110330741828726&w=2
http://secunia.com/advisories/13450
http://www.osvdb.org/12524
http://www.securityfocus.com/bid/11998

Vulnerability Database

290,301

CVE-2004-1410