CVE-2004-1692

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.

Published: Sep 18, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1692
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mambo / mambo_open_source	4.5_1.0.9	4.5_1.0.9.x

http://mamboforge.net/frs/shownotes.php?release_id=1672
http://marc.info/?l=bugtraq&m=109571849713158&w=2
http://www.osvdb.org/10179
http://www.securityfocus.com/bid/11220
https://exchange.xforce.ibmcloud.com/vulnerabilities/20616

Vulnerability Database

289,871

CVE-2004-1692