CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2072 – Mambo Open Source 4.6 - 'Itemid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2072
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. • https://www.exploit-db.com/exploits/23657 http://www.securityfocus.com/bid/9588 http://www.systemsecure.org/advisories/ssadvisory06022004.php https://exchange.xforce.ibmcloud.com/vulnerabilities/15062 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1692 – Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1692
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. • https://www.exploit-db.com/exploits/24614 http://mamboforge.net/frs/shownotes.php?release_id=1672 http://marc.info/?l=bugtraq&m=109571849713158&w=2 http://www.osvdb.org/10179 http://www.securityfocus.com/bid/11220 https://exchange.xforce.ibmcloud.com/vulnerabilities/20616 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2004-1825 – Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1825
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. • https://www.exploit-db.com/exploits/23824 http://marc.info/?l=bugtraq&m=107945576020593&w=2 http://secunia.com/advisories/11140 http://www.osvdb.org/4308 http://www.osvdb.org/4665 http://www.securityfocus.com/bid/9890 https://exchange.xforce.ibmcloud.com/vulnerabilities/15499 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1826 – Mambo Open Source 4.5 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1826
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/23834 http://marc.info/?l=bugtraq&m=107945576020593&w=2 http://secunia.com/advisories/11140 http://www.osvdb.org/4307 http://www.securityfocus.com/bid/9891 https://exchange.xforce.ibmcloud.com/vulnerabilities/15500 •