CVE-2004-2484

N/A Unknown

Published: December 31, 2004 Modified: April 16, 2026

Description

Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://cvs.sourceforge.net/viewcvs.py/phpgiftreg/src/event.php?r1=1.4&r2=1.5

Source: cve@mitre.org

http://cvs.sourceforge.net/viewcvs.py/phpgiftreg/src/index.php?r1=1.20&r2=1.21

Source: cve@mitre.org

http://secunia.com/advisories/13414

Source: cve@mitre.org

Patch Vendor Advisory

http://sourceforge.net/project/shownotes.php?release_id=288731

Source: cve@mitre.org

Patch

http://www.osvdb.org/12286

Source: cve@mitre.org

Patch

http://www.osvdb.org/12287

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/11879

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/18412

Source: cve@mitre.org

http://cvs.sourceforge.net/viewcvs.py/phpgiftreg/src/event.php?r1=1.4&r2=1.5