CVE-2004-1146 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.

Affected Software

Name	Vendor	Start Version	End Version
Cvstrac	Cvstrac	1.1 (including)	1.1 (including)
Cvstrac	Cvstrac	1.1.1 (including)	1.1.1 (including)
Cvstrac	Cvstrac	1.1.2 (including)	1.1.2 (including)
Cvstrac	Cvstrac	1.1.3 (including)	1.1.3 (including)
Cvstrac	Cvstrac	1.1.4 (including)	1.1.4 (including)

References

http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html
http://marc.info/?l=bugtraq\u0026m=110332469631253\u0026w=2
http://www.cvstrac.org/cvstrac/chngview?cn=320
http://www.cvstrac.org/cvstrac/chngview?cn=321
http://www.mikx.de/index.php?p=6
http://www.securityfocus.com/bid/12017
https://exchange.xforce.ibmcloud.com/vulnerabilities/18726
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html
http://marc.info/?l=bugtraq\u0026m=110332469631253\u0026w=2
http://www.cvstrac.org/cvstrac/chngview?cn=320
http://www.cvstrac.org/cvstrac/chngview?cn=321
http://www.mikx.de/index.php?p=6
http://www.securityfocus.com/bid/12017
https://exchange.xforce.ibmcloud.com/vulnerabilities/18726

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1146
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html