FKIE_CVE-2004-0067

Vulnerability from fkie_nvd - Published: 2004-02-17 05:00 - Updated: 2025-04-03 01:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
References
cve@mitre.org http://marc.info/?l=bugtraq&m=107394912715478&w=2
cve@mitre.org http://secunia.com/advisories/26628 Vendor Advisory
cve@mitre.org http://securitytracker.com/id?1018613
cve@mitre.org http://www.osvdb.org/3473
cve@mitre.org http://www.osvdb.org/3474
cve@mitre.org http://www.osvdb.org/3475
cve@mitre.org http://www.osvdb.org/3476
cve@mitre.org http://www.osvdb.org/3477
cve@mitre.org http://www.osvdb.org/3478
cve@mitre.org http://www.osvdb.org/3479
cve@mitre.org http://www.securityfocus.com/archive/1/477881/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/11868
cve@mitre.org http://www.securityfocus.com/bid/11880
cve@mitre.org http://www.securityfocus.com/bid/11882
cve@mitre.org http://www.securityfocus.com/bid/11888
cve@mitre.org http://www.securityfocus.com/bid/11890
cve@mitre.org http://www.securityfocus.com/bid/11891
cve@mitre.org http://www.securityfocus.com/bid/11894
cve@mitre.org http://www.securityfocus.com/bid/11903
cve@mitre.org http://www.securityfocus.com/bid/11904
cve@mitre.org http://www.securityfocus.com/bid/11905
cve@mitre.org http://www.securityfocus.com/bid/11906
cve@mitre.org http://www.securityfocus.com/bid/11907
cve@mitre.org http://www.vupen.com/english/advisories/2007/2995 Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/14212
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/36285
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=107394912715478&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26628 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1018613
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3473
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3474
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3475
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3476
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3477
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3478
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3479
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/477881/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11868
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11880
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11882
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11888
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11890
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11891
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11894
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11903
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11904
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11905
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11906
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11907
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2995 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/14212
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/36285
Impacted products
Vendor Product Version
phpgedview phpgedview *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpgedview:phpgedview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05501C0-BAF9-483E-A9CF-5F46D14E88FA",
              "versionEndIncluding": "2.65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php.  NOTE: some aspects of vector 10 were later reported to affect 4.1."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phpGedView anteriores a 2.65 permite a atacantes remotos inyectar HTML o script web arbitrario mediante (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, y (11) gdbi_interface.php. NOTA: se ha informado posteriormente que algunos aspectos relativos al vector 10 tambi\u00e9n afectan a la v4.1."
    }
  ],
  "id": "CVE-2004-0067",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-02-17T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107394912715478\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3473"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3474"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3475"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3476"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3477"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3478"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/477881/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11868"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11880"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11888"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11890"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11891"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11894"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11903"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11904"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11905"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11907"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2995"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14212"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107394912715478\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/477881/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36285"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

