CVE-2004-1865 Details

CVE-2004-1865

Published: 2004-03-26
Last Modified: 2017-07-11
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.

Analysis
Common Vulnerability Score System v2.0
Metrics Value
Severity Low
Base Score 1.9/10
Exploit Score 3.4/10
Access Vector Local
Access Complexity Medium
Authentication None
Impact Score 2.9/10
Confidentiality Impact None
Availability Impact None
Integrity Impact Partial
Vector String AV:L/AC:M/Au:N/C:N/I:P/A:N
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

References

http://marc.info/?l=bugtraq&m=108034226717745&w=2
http://securitytracker.com/id?1009564
http://www.osvdb.org/10510
http://www.securityfocus.com/bid/13397
https://exchange.xforce.ibmcloud.com/vulnerabilities/15635

CVE ID
CVE-2004-1865
Published
2004-03-26
Modified
2017-07-11
CVSSv2.0
Low
PCI Compliance
Pass
Data Format
MITRE
Data Type
CVE
Data Version
4.0
CWE

NVD-CWE-Other

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.