CVE-2004-2028 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2004-2028

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.

Published: May 21, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2028
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
e107 / e107	0.6_15	0.6_15.x
e107 / e107	0.555_beta	0.555_beta.x
e107 / e107	0.554	0.554.x
e107 / e107	0.6_10	0.6_10.x
e107 / e107	0.545	0.545.x
e107 / e107	0.6_12	0.6_12.x
e107 / e107	0.6_13	0.6_13.x
e107 / e107	0.603	0.603.x
e107 / e107	0.6_15a	0.6_15a.x
e107 / e107	0.6_14	0.6_14.x
e107 / e107	0.6_11	0.6_11.x