CVE-2004-2757: XSS
First published: Fri Dec 31 2004(Updated: )
Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell iChain | <=2.2 | |
| Novell iChain | <=2.2 | |
| Novell iChain | <=2.2 | |
| Novell iChain | <=2.2 | |
| Novell iChain | <=2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2757?
CVE-2004-2757 is classified as a medium severity cross-site scripting vulnerability.
How do I fix CVE-2004-2757?
To fix CVE-2004-2757, users should upgrade to Novell iChain version 2.2 build 2.2.113 or later.
What does CVE-2004-2757 affect?
CVE-2004-2757 affects Novell iChain versions prior to 2.2 build 2.2.113.
What type of attack is involved in CVE-2004-2757?
CVE-2004-2757 involves a cross-site scripting attack that allows remote attackers to inject scripts.
Can CVE-2004-2757 lead to data theft?
Yes, CVE-2004-2757 can lead to data theft by allowing attackers to execute malicious scripts in a user's browser.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/novell
- canonical/novell ichain
- version/novell ichain/2.2