Vulnerability Details CVE-2004-0358
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
- http://marc.info/?l=bugtraq&m=107851556116088&w=2
- http://www.securityfocus.com/bid/9812
- http://www.securityfocus.com/bid/9819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15402
- http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
- http://marc.info/?l=bugtraq&m=107851556116088&w=2
- http://www.securityfocus.com/bid/9812
- http://www.securityfocus.com/bid/9819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15402
Products affected by CVE-2004-0358
-
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0
-
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.1
-
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.2
-
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.3