Vulnerability Details CVE-2004-2355
Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 77.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html
- http://secunia.com/advisories/11789
- http://www.craftysyntax.com/CHANGELOG.txt
- http://www.osvdb.org/6744
- http://www.securityfocus.com/bid/10463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16321
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html
- http://secunia.com/advisories/11789
- http://www.craftysyntax.com/CHANGELOG.txt
- http://www.osvdb.org/6744
- http://www.securityfocus.com/bid/10463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16321
Products affected by CVE-2004-2355
-
cpe:2.3:a:crafty_syntax_live_help:crafty_syntax_live_help:2.7.3