Maxwebportal 1.3x - 'down.asp' HTTP_REFERER Cross-Site Scripting
| EKU-ID: 29107 | CVE: CVE-2004-0271;OSVDB-3909 | OSVDB-ID: |
| Author: Manuel Lopez | Published: 2004-02-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29107 | CVE: CVE-2004-0271;OSVDB-3909 | OSVDB-ID: |
| Author: Manuel Lopez | Published: 2004-02-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9625/info
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.
<a href="<% =Request.ServerVariables("HTTP_REFERER") %>">Back</font></a></p>