PT-2004-3106 · Alivesites · Alivesites Forums

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2211

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions AliveSites Forums version 2.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to certain API endpoints. The affected parameters include forum id, method, and forum title to "post.asp", forum title to "forum.asp", and id to "post.asp".

Recommendations For AliveSites Forums version 2.0, as a temporary workaround, consider restricting access to the affected API endpoints, specifically "post.asp" and "forum.asp", until a patch is available. Avoid using the parameters forum id, method, forum title, and id in the affected endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2211

Affected Products

Alivesites Forums

PT-2004-3106 · Alivesites · Alivesites Forums

CVE-2004-2211

Related Identifiers

Affected Products

References · 7