PT-2004-3560 · Endonesia · Endonesia

Published: 2004-12-31 · Updated: 2017-07-29 · CVE-2004-2670

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: eNdonesia version 8.3

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the mod.php file of eNdonesia. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved through two main vectors: (1) the mod parameter in a 'viewcat' operation or (2) the query parameter in a 'search' operation within the publisher module.

Recommendations: For eNdonesia version 8.3, consider disabling the mod.php file or restricting access to the 'viewcat' and 'search' operations in the publisher module until a patch is available. Avoid using the mod and query parameters in these operations to minimize the risk of exploitation.


Related identifiers

CVE-2004-2670

Affected products

Endonesia