CVE-2004-2210

Name of the Vulnerable Software and Affected Versions Express-Web Content Management System (CMS) (affected versions not specified)

Description The issue allows remote attackers to steal cookie-based authentication information and possibly perform other exploits. This can be achieved through multiple cross-site scripting (XSS) vulnerabilities. The vulnerabilities exist in the n, b, e, or a parameters to "default.asp", the Referer header in an HTTP request to "login.asp", or the email parameter to "subscribe/default.asp".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.