CVE-2004-2670 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.

Reference

http://echo.or.id/adv/adv02-y3dips-2004.txt http://secunia.com/advisories/12231 http://securitytracker.com/id?1010864 http://www.securityfocus.com/archive/1/370855 http://www.securityfocus.com/bid/10856 http://www.securityfocus.com/bid/8506 https://exchange.xforce.ibmcloud.com/vulnerabilities/13041