CVE-2004-2511
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
| Software | From | Fixed in |
|---|---|---|
| codeworx_technologies / dcp-portal | 3.7 | 3.7.x |
| codeworx_technologies / dcp-portal | 5.0.2 | 5.0.2.x |
| codeworx_technologies / dcp-portal | 5.2 | 5.2.x |
| codeworx_technologies / dcp-portal | 4.1 | 4.1.x |
| codeworx_technologies / dcp-portal | 5.3 | 5.3.x |
| codeworx_technologies / dcp-portal | 5.0.1 | 5.0.1.x |
| codeworx_technologies / dcp-portal | - | 5.3.2.x |
| codeworx_technologies / dcp-portal | 5.3.1 | 5.3.1.x |
| codeworx_technologies / dcp-portal | 4.5.1 | 4.5.1.x |
| codeworx_technologies / dcp-portal | 4.2 | 4.2.x |
| codeworx_technologies / dcp-portal | 4.0 | 4.0.x |
| codeworx_technologies / dcp-portal | 5.1 | 5.1.x |
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
- http://secunia.com/advisories/12751
- http://securitytracker.com/id?1006351
- http://www.osvdb.org/10585
- http://www.osvdb.org/10587
- http://www.osvdb.org/10588
- http://www.osvdb.org/10589
- http://www.osvdb.org/10590
- http://www.osvdb.org/11405
- http://www.securityfocus.com/bid/11338
- http://www.securityfocus.com/bid/11339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17639
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime