CVE-2004-2511

EPSS 5.3%

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/24661unverified exploitdbwww.exploit-db.com/exploits/24659unverified exploitdbwww.exploit-db.com/exploits/24662unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html http://secunia.com/advisories/12751 http://securitytracker.com/id?1006351 https://exchange.xforce.ibmcloud.com/vulnerabilities/17638 https://exchange.xforce.ibmcloud.com/vulnerabilities/17639 http://www.osvdb.org/10585 http://www.osvdb.org/10587 http://www.osvdb.org/10588 http://www.osvdb.org/10589 http://www.osvdb.org/10590 http://www.osvdb.org/11405 http://www.securityfocus.com/bid/11338