CVE-2004-0067 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php (2) index.php (3) individual.php (4) login.php (5) relationship.php (6) source.php (7) imageview.php (8) calendar.php (9) gedrecord.php (10) login.php and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.

Reference

http://marc.info/?l=bugtraq&m=107394912715478&w=2 http://secunia.com/advisories/26628 http://securitytracker.com/id?1018613 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.securityfocus.com/archive/1/477881/100/0/threaded http://www.securityfocus.com/bid/11868 http://www.securityfocus.com/bid/11880 http://www.securityfocus.com/bid/11882 http://www.securityfocus.com/bid/11888 http://www.securityfocus.com/bid/11890 http://www.securityfocus.com/bid/11891 http://www.securityfocus.com/bid/11894 http://www.securityfocus.com/bid/11903 http://www.securityfocus.com/bid/11904 http://www.securityfocus.com/bid/11905 http://www.securityfocus.com/bid/11906 http://www.securityfocus.com/bid/11907 http://www.vupen.com/english/advisories/2007/2995 https://exchange.xforce.ibmcloud.com/vulnerabilities/14212 https://exchange.xforce.ibmcloud.com/vulnerabilities/36285