CVE-2004-0067

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

Basic Data

Published: February 17, 2004
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Phpgedview
    Product: Phpgedview
    Version: *
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including / Version End Including / Version Start Excluding / Version End Excluding: 2.65

Vulnerable Software List

Vendor | Product | Versions
Phpgedview | Phpgedview | *

References

Name | Source | URL | Tags
20040112 More phpGedView Vulnerabilities | BUGTRAQ | http://marc.info/?l=bugtraq&m=107394912715478&w=2 |
26628 | SECUNIA | http://secunia.com/advisories/26628 | Vendor Advisory
1018613 | SECTRACK | http://securitytracker.com/id?1018613 |
3473 | OSVDB | http://www.osvdb.org/3473 |
3474 | OSVDB | http://www.osvdb.org/3474 |
3475 | OSVDB | http://www.osvdb.org/3475 |
3476 | OSVDB | http://www.osvdb.org/3476 |
3477 | OSVDB | http://www.osvdb.org/3477 |
3478 | OSVDB | http://www.osvdb.org/3478 |
3479 | OSVDB | http://www.osvdb.org/3479 |
20070827 PhpGedView login page multiple XSS | BUGTRAQ | http://www.securityfocus.com/archive/1/477881/100/0/threaded |
11868 | BID | http://www.securityfocus.com/bid/11868 |
11880 | BID | http://www.securityfocus.com/bid/11880 |
11882 | BID | http://www.securityfocus.com/bid/11882 |
11888 | BID | http://www.securityfocus.com/bid/11888 |
11890 | BID | http://www.securityfocus.com/bid/11890 |
11891 | BID | http://www.securityfocus.com/bid/11891 |
11894 | BID | http://www.securityfocus.com/bid/11894 |
11903 | BID | http://www.securityfocus.com/bid/11903 |
11904 | BID | http://www.securityfocus.com/bid/11904 |
11905 | BID | http://www.securityfocus.com/bid/11905 |
11906 | BID | http://www.securityfocus.com/bid/11906 |
11907 | BID | http://www.securityfocus.com/bid/11907 |
ADV-2007-2995 | VUPEN | http://www.vupen.com/english/advisories/2007/2995 | Vendor Advisory
phpgedview-multiple-xss(14212) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/14212 |
phpgedview-login-xss(36285) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/36285 |