| Vulnerability Name: | CVE-2004-2757 (CCN-14873) | ||||||||
| Assigned: | 2004-01-17 | ||||||||
| Published: | 2004-01-17 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-2757 Source: CCN Type: SA10653 Novell iChain "url" Parameter Cross-Site Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 10653 Source: CONFIRM Type: UNKNOWN http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm Source: CCN Type: Novell Web site NOVELL: iChain 2.2 Source: CCN Type: OSVDB ID: 3551 Novell iChain url XSS Source: BID Type: UNKNOWN 9412 Source: CCN Type: BID-9412 Novell iChain Web Server Failed Login Page Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN ichain-url-xss(14873) Source: XF Type: UNKNOWN ichain-url-xss(14873) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||