Vulnerability Name:

CVE-2004-2492 (CCN-18277)

Assigned:2004-11-29
Published:2004-11-29
Updated:2017-07-11
Summary:Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-2492

Source: CCN
Type: SA13321
Groupmax World Wide Web Cross-Site Scripting and Directory Traversal

Source: SECUNIA
Type: Vendor Advisory
13321

Source: CCN
Type: Hitachi Vulnerability Information HS04-007
Vulnerabilities in Cross-site Scripting and Directory Traversal of Groupmax World Wide Web and Groupmax World Wide Web Desktop

Source: CONFIRM
Type: Patch
http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html

Source: CCN
Type: Groupmax Web page
Middleware & Platform Software

Source: OSVDB
Type: Patch
12154

Source: CCN
Type: OSVDB ID: 12154
Hitachi Groupmax GmaxWWW QUERY XSS

Source: BID
Type: UNKNOWN
11773

Source: CCN
Type: BID-11773
Groupmax World Wide Web Cross-Site Scripting And Directory Traversal Vulnerabilities

Source: XF
Type: UNKNOWN
groupmax-query-xss(18277)

Source: XF
Type: UNKNOWN
groupmax-query-xss(18277)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_i:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:05_11_j:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_00:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_50_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_50_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51:*:jichitai:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51_b:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51_c:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52:*:jichitai:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_52_b:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hitachi:groupmax_world_wide_web_desktop:5:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:groupmax_world_wide_web_desktop:06_51::jichitai:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hitachi groupmax world wide web desktop 05_00
    hitachi groupmax world wide web desktop 05_11_f
    hitachi groupmax world wide web desktop 05_11_i
    hitachi groupmax world wide web desktop 05_11_j
    hitachi groupmax world wide web desktop 06_00
    hitachi groupmax world wide web desktop 06_50_b
    hitachi groupmax world wide web desktop 06_50_c
    hitachi groupmax world wide web desktop 06_51
    hitachi groupmax world wide web desktop 06_51
    hitachi groupmax world wide web desktop 06_51_b
    hitachi groupmax world wide web desktop 06_51_c
    hitachi groupmax world wide web desktop 06_52
    hitachi groupmax world wide web desktop 06_52
    hitachi groupmax world wide web desktop 06_52_b
    hitachi groupmax world wide web desktop 5
    hitachi groupmax world wide web desktop 6
    hitachi groupmax world wide web desktop 06_51