CVE-2004-2059

Xlinesoft Asprunner - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.

Exploits (4)

exploitdb WRITEUP VERIFIED
by Ferruh Mavituna · textwebappsasp
https://www.exploit-db.com/exploits/24315
exploitdb WRITEUP VERIFIED
by Ferruh Mavituna · textwebappsasp
https://www.exploit-db.com/exploits/24313
exploitdb WORKING POC VERIFIED
by Ferruh Mavituna · textwebappsasp
https://www.exploit-db.com/exploits/24314
exploitdb WORKING POC VERIFIED
by Ferruh Mavituna · textwebappsasp
https://www.exploit-db.com/exploits/24316

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16801
Exploit x_refsource_misc
http://ferruh.mavituna.com/article/?574
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/8256
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12164
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109086977330418&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/8255
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010777
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10799
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/8254
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/8257

Scores

EPSS 0.1016
EPSS Percentile 93.1%

Details

Status published
Products (6)
xlinesoft/asprunner 1.0
xlinesoft/asprunner 2.0
xlinesoft/asprunner 2.1
xlinesoft/asprunner 2.2
xlinesoft/asprunner 2.3
xlinesoft/asprunner 2.4
Published Dec 31, 2004
Tracked Since Feb 18, 2026