CVE-2004-1318

Severity

43%

Complexity

86%

Confidentiality

48%

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Namazu

First reported 20 years ago

2005-01-06 05:00:00

Last updated 7 years ago

2017-07-11 01:30:00

Affected Software

Namazu 2.0.7

2.0.7

Namazu 2.0.8

2.0.8

Namazu 2.0.13

2.0.13

References

http://jvn.jp/jp/JVN%23904429FE.html

Vendor Advisory

13600

1012802

1012805

DSA-627

Vendor Advisory

FEDORA-2004-557

http://www.namazu.org/security.html.en#xss-tab

Patch, Vendor Advisory

SUSE-SR:2005:001

12516

HPSBMA01212

12053

namazu-tab-query-xss(18623)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.