CVE-2004-2059

EPSS 8.8%

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/24316unverified exploitdbwww.exploit-db.com/exploits/24314unverified exploitdbwww.exploit-db.com/exploits/24313unverified exploitdbwww.exploit-db.com/exploits/24315unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html http://ferruh.mavituna.com/article/?574 http://marc.info/?l=bugtraq&m=109086977330418&w=2 http://secunia.com/advisories/12164 http://securitytracker.com/id?1010777 https://exchange.xforce.ibmcloud.com/vulnerabilities/16801 http://www.osvdb.org/8254 http://www.osvdb.org/8255 http://www.osvdb.org/8256 http://www.osvdb.org/8257 http://www.securityfocus.com/bid/10799