CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2004-0067

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
Publish Date : 2004-02-17 Last Update Date : 2011-09-13

- CVSS Scores & Vulnerability Types

CVSS Score 4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79

- Products Affected By CVE-2004-0067

# Product Type Vendor Product Version Update Edition Language
1 Application Phpgedview Phpgedview 2.65

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Phpgedview Phpgedview 1

- References For CVE-2004-0067

http://secunia.com/advisories/26628
SECUNIA 26628
http://securitytracker.com/id?1018613
SECTRACK 1018613
http://www.osvdb.org/3473
OSVDB 3473
http://www.osvdb.org/3474
OSVDB 3474
http://www.osvdb.org/3475
OSVDB 3475
http://www.osvdb.org/3476
OSVDB 3476
http://www.osvdb.org/3477
OSVDB 3477
http://www.osvdb.org/3478
OSVDB 3478
http://www.osvdb.org/3479
OSVDB 3479
http://www.securityfocus.com/archive/1/archive/1/477881/100/0/threaded
BUGTRAQ 20070827 PhpGedView login page multiple XSS
http://www.securityfocus.com/bid/11868
BID 11868 PhpGedView Descendancy.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11880
BID 11880 PhpGedView Index.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11882
BID 11882 PhpGedView Individual.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11891
BID 11891 PhpGedView Gedrecord.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11888
BID 11888 PhpGedView Source.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11890
BID 11890 PhpGedView Imageview.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11894
BID 11894 PhpGedView Gdbi_interface.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11903
BID 11903 PhpGedView Login.PHP URL Parameter Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11904
BID 11904 PhpGedView Login.PHP Username Parameter Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11905
BID 11905 PhpGedView Login.PHP Newlanguage Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11906
BID 11906 PhpGedView Relationship.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.securityfocus.com/bid/11907
BID 11907 PhpGedView Calendar.PHP Cross-Site Scripting Vulnerability Release Date:2009-07-12
http://www.vupen.com/english/advisories/2007/2995
VUPEN ADV-2007-2995
http://xforce.iss.net/xforce/xfdb/14212
XF phpgedview-multiple-xss(14212)
http://xforce.iss.net/xforce/xfdb/36285
XF phpgedview-login-xss(36285)
http://marc.theaimsgroup.com/?l=bugtraq&m=107394912715478&w=2
BUGTRAQ 20040112 More phpGedView Vulnerabilities

- Metasploit Modules Related To CVE-2004-0067

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

