Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Codeworx Technologies
  • Dcp-portal

Configuration 1 [-]

OR cpe:2.3:a:codeworx_technologies:dcp-portal:*:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:3.7:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:4.0:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:4.1:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:4.2:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.1:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.2:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3:*:*:*:*:*:*:*
cpe:2.3:a:codeworx_technologies:dcp-portal:5.3.1:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html Exploit
http://secunia.com/advisories/12751 Exploit Vendor Advisory
http://securitytracker.com/id?1006351 Exploit
http://www.osvdb.org/10585 Exploit
http://www.osvdb.org/10587 Exploit
http://www.osvdb.org/10588 Exploit
http://www.osvdb.org/10589 Exploit
http://www.osvdb.org/10590 Exploit
http://www.osvdb.org/11405 Exploit
http://www.securityfocus.com/bid/11338 Exploit
http://www.securityfocus.com/bid/11339 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17638
https://exchange.xforce.ibmcloud.com/vulnerabilities/17639
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-10-25T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-10-25T00:00:00

Link: CVE-2004-2511

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:57.937

Link: CVE-2004-2511

JSON object: View

cve-icon Redhat Information

No data.

CWE