Vulnerability Details CVE-2004-1939
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=bugtraq&m=108241507812681&w=2
- http://secunia.com/advisories/11388
- http://www.securiteam.com/windowsntfocus/5EP0I15CKK.html
- http://www.securityfocus.com/bid/10139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15858
- http://marc.info/?l=bugtraq&m=108241507812681&w=2
- http://secunia.com/advisories/11388
- http://www.securiteam.com/windowsntfocus/5EP0I15CKK.html
- http://www.securityfocus.com/bid/10139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15858
Products affected by CVE-2004-1939
-
cpe:2.3:a:rhinosoft:zaep_antispam:2.0
-
cpe:2.3:a:rhinosoft:zaep_antispam:2.0_.0.1