CVE-2004-1692 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-1692

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.

Affected Software

Name	Vendor	Start Version	End Version
Mambo_open_source	Mambo	4.5_1.0.9 (including)	4.5_1.0.9 (including)

References

http://mamboforge.net/frs/shownotes.php?release_id=1672
http://marc.info/?l=bugtraq\u0026m=109571849713158\u0026w=2
http://www.osvdb.org/10179
http://www.securityfocus.com/bid/11220
https://exchange.xforce.ibmcloud.com/vulnerabilities/20616