2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2004-2363" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2004-12-31T05:00:00.000" ,
2025-04-03 02:06:18 +00:00
"lastModified" : "2025-04-03T01:03:51.193" ,
"vulnStatus" : "Deferred" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal \"<\", \">\", \"(\", and \")\" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-11-21 23:11:37 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-21 23:11:37 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A6CEA20A-E641-4997-B35A-06EC14C83B33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E73B574A-3307-4734-884B-A7893CEE56B4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "01584023-8155-4FA8-8F37-4CCA48FCC8DE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8AD47CA4-A5E9-4EAB-9D9D-32892D384B51"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D48E8454-0808-46B7-A692-F91BF20C3733"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9D8466FC-E652-4B52-A3AB-601CFBDBE0D9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D9F3A1D6-657D-46A7-9FD7-6EB43FE4D3EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.0.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C793EC7-0B35-4C43-90B3-D39EA917E40E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "34ACF990-0A89-43B1-ACA6-54CEFB1A45EB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BF48C341-2255-4A3B-8DC6-82797BBD40CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F6157764-E76A-452E-8991-366224E9D6E8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "751ABFD4-5DCA-4D93-87B0-14D4C8A66B80"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCA0E2F6-8CDC-4D70-AE79-0E4FF3D64F77"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4F9A8C2F-611E-4E2B-9B3B-E6606BCC3519"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97DBE63F-32EC-43A0-8454-62DA124919F4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D6BE8112-E8CF-4D38-B3AD-843446B26392"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A692A925-E22A-4A35-96F8-8F9E123B44E0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9CC47FB8-8F61-4389-8F7F-F8397863884B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E28B044-1D5C-45E4-8901-057117CD0590"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpx:phpx:3.2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E1CE385A-D04D-4E20-9C64-9B2E4307988E"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.phpx.org/project.php?action=view&project_id=1" ,
"source" : "cve@mitre.org" ,
"tags" : [
2024-02-14 17:08:46 +00:00
"Patch" ,
"URL Repurposed"
2023-04-24 12:24:31 +02:00
]
} ,
{
"url" : "http://www.securityfocus.com/archive/1/362230" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/10283" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Patch"
]
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16065" ,
"source" : "cve@mitre.org"
2024-11-21 23:11:37 +00:00
} ,
{
"url" : "http://www.phpx.org/project.php?action=view&project_id=1" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"URL Repurposed"
]
} ,
{
"url" : "http://www.securityfocus.com/archive/1/362230" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/10283" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Patch"
]
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16065" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
