CVE-2004-2210 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n (2) b (3) e or (4) a parameters to default.asp (5) the Referer header in an HTTP request to login.asp or (6) the email parameter to subscribe/default.asp.

Reference

http://www.maxpatrol.com/advdetails.asp?id=12 http://www.maxpatrol.com/mp_advisory.asp http://www.securityfocus.com/bid/11426