CVE-2004-2550
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2004
Last modified:
03/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xperience:sandsurfer:1.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xperience:sandsurfer:1.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xperience:sandsurfer:1.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xperience:sandsurfer:1.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xperience:sandsurfer:1.7.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/11028
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132
- http://www.securityfocus.com/bid/9801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377
- http://secunia.com/advisories/11028
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132
- http://www.securityfocus.com/bid/9801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377