CVE-2004-0271

Name of the Vulnerable Software and Affected Versions MaxWebPortal (affected versions not specified)

Description The issue concerns multiple cross-site scripting vulnerabilities in MaxWebPortal. These vulnerabilities allow remote attackers to execute arbitrary web script as other users. The vulnerabilities can be exploited through various means, including the sub name parameter of 'dl showall.asp', the SendTo parameter in Personal Messages, the HTTP REFERER for 'down.asp', or the image name of an Avatar in the register form.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.