Cross-Site Scripting in Ansel by 4D Systems
CVE-2004-2267

Currently unrated

Key Information:

Vendor: 4D Systems
Status: Ansel
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2267?

Ansel versions 2.1 and earlier experience a cross-site scripting vulnerability that allows remote attackers to inject arbitrary HTML or web scripts via the album name input. This type of security flaw can lead to significant risks, such as session hijacking, redirecting users to malicious websites, or performing actions on behalf of users without their consent. It is crucial for users of affected products to implement patches or updates to mitigate these risks and enhance web application security.

References

http://www.securityfocus.com/bid/11824

vdb-entryx_refsource_BID

http://securitytracker.com/id?1012434

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/12237

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jul 19, 2005
Vulnerability published
Dec 31, 2004

CVE-2004-2267 Data

JSON