CVE-2004-0358
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/11/2004
Last modified:
11/07/2017
Description
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:virtuasystems:virtuanews_pro:1.0.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page