CVE-2004-2514

PowerPortal 1.x - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.

Exploits (1)

exploitdb WRITEUP VERIFIED

by vampz · textwebappsphp

https://www.exploit-db.com/exploits/24340

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16838

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1010802

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/8319

Various Sources x_refsource_misc

http://www.secure4arab.com/forum/showthread.php?t=302

Exploit x_refsource_misc

http://www.securiteam.com/unixfocus/5TP0O2ADFK.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10835

Scores

EPSS 0.0067

EPSS Percentile 71.6%

Details

Status published

Products (3)

powerportal/powerportal 1.1b

powerportal/powerportal 1.3

powerportal/powerportal 1.3b

Published Dec 31, 2004

Tracked Since Feb 18, 2026