CVE-2004-2171

Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2171
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cherokee / cherokee_httpd	0.4.6	0.4.6.x
cherokee / cherokee_httpd	0.2	0.2.x
cherokee / cherokee_httpd	0.1.6	0.1.6.x
cherokee / cherokee_httpd	0.2.6	0.2.6.x
cherokee / cherokee_httpd	0.2.5	0.2.5.x
cherokee / cherokee_httpd	0.1	0.1.x
cherokee / cherokee_httpd	0.2.7	0.2.7.x
cherokee / cherokee_httpd	0.4.7	0.4.7.x
cherokee / cherokee_httpd	0.1.5	0.1.5.x

http://secunia.com/advisories/10701/
http://www.osvdb.org/3707
http://www.securityfocus.com/bid/9496
https://exchange.xforce.ibmcloud.com/vulnerabilities/14936

Vulnerability Database

290,301

CVE-2004-2171