CVE-2004-2497 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Web_page_generator_enterprise	Hitachi	03_03	03_03
Web_page_generator_enterprise	Hitachi	03_03_c	03_03_c
Web_page_generator_enterprise	Hitachi	03_00	03_00
Web_page_generator_enterprise	Hitachi	04_00_c	04_00_c
Web_page_generator_enterprise	Hitachi	03_03_d	03_03_d
Web_page_generator	Hitachi	02_00_c	02_00_c
Web_page_generator_enterprise	Hitachi	04_01_b	04_01_b
Web_page_generator_enterprise	Hitachi	04_00	04_00
Web_page_generator	Hitachi	01_00	01_00
Web_page_generator_enterprise	Hitachi	03_02_c	03_02_c
Web_page_generator	Hitachi	01_01_c	01_01_c
Web_page_generator_enterprise	Hitachi	04_01	04_01
Web_page_generator	Hitachi	02_00	02_00

References

http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.html
http://www.securityfocus.com/bid/10818
http://www.osvdb.org/8264
http://secunia.com/advisories/12150
https://exchange.xforce.ibmcloud.com/vulnerabilities/16822

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2497
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html