Vulnerability Name:

CVE-2004-1409 (CCN-18535)

Assigned:2004-12-16
Published:2004-12-16
Updated:2016-10-18
Summary:Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Dec 16 2004 - 18:19:59 CST
[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities

Source: MITRE
Type: CNA
CVE-2004-1409

Source: BUGTRAQ
Type: UNKNOWN
20041216 [SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities

Source: CCN
Type: SourceForge.net
Project: singapore: File List

Source: CCN
Type: SIG^2 Vulnerability Research Advisory, 16 Dec 2004
singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities

Source: BID
Type: Patch
11990

Source: CCN
Type: BID-11990
Singapore Image Gallery Multiple Remote Vulnerabilities

Source: XF
Type: UNKNOWN
singapore-index-xss(18535)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:singapore:image_gallery_web_application:0.9.10:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-1409 (CCN-18536)

    Assigned:2004-12-16
    Published:2004-12-16
    Updated:2004-12-16
    Summary:singapore is a freely available PHP-based image gallery program for Microsoft Windows and Unix-based platforms. Singapore version 0.9.10, running on Microsoft Internet Information Server (IIS) with PHP version 4.3.4 and 4.3.9 and on Apache version 1.3.33 with PHP 4.3.9, is vulnerable to cross-site scripting, caused by a vulnerability in the user management page. A remote attacker could embed malicious JavaScript in the fullname field, which would be executed in the victim's Web browser within the security context of the hosting site once the administrator accesses the user management page. An attacker could use this vulnerability to obtain a user's cookie-based authentication credentials.
    CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
    2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Thu Dec 16 2004 - 18:19:59 CST
    [SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities

    Source: MITRE
    Type: CNA
    CVE-2004-1409

    Source: CCN
    Type: SourceForge.net
    Project: singapore: File List

    Source: CCN
    Type: SIG^2 Vulnerability Research Advisory, 16 Dec 2004
    singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities

    Source: CCN
    Type: BID-11990
    Singapore Image Gallery Multiple Remote Vulnerabilities

    Source: XF
    Type: UNKNOWN
    singapore-user-management-xss(18536)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    singapore image gallery web application 0.9.10
    php php 4.3.4 -
    php php 4.3.9