{"api_version":"1","generated_at":"2026-04-23T15:17:59+00:00","cve":"CVE-2004-1640","urls":{"html":"https://cve.report/CVE-2004-1640","api":"https://cve.report/api/cve/CVE-2004-1640.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-1640","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-1640"},"summary":{"title":"CVE-2004-1640","description":"Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-08-28 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/12424","name":"http://secunia.com/advisories/12424","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - XOOPS Dictionary Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/9393","name":"http://www.osvdb.org/9393","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17152","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17152","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17154","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17154","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=109394077209963&w=2","name":"http://marc.info/?l=bugtraq&m=109394077209963&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Cross Site Scripting in XOOPS Version 2.x Dictionary module' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/11064","name":"http://www.securityfocus.com/bid/11064","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"Nagl XOOPS Dictionary Module Multiple Cross-Site Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://cyruxnet.org/modulo_dic_xoops.htm","name":"http://cyruxnet.org/modulo_dic_xoops.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CyruxNET","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.osvdb.org/9394","name":"http://www.osvdb.org/9394","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-1640","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-1640","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"1640","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xoops","cpe5":"xoops_dictionary","cpe6":"0.94","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"1640","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xoops","cpe5":"xoops_dictionary","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:00:36.779Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"xoops-dictionary-letter-xss(17154)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17154"},{"name":"9394","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/9394"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://cyruxnet.org/modulo_dic_xoops.htm"},{"name":"11064","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/11064"},{"name":"20040828 Cross Site Scripting in XOOPS Version 2.x Dictionary module","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=109394077209963&w=2"},{"name":"xoops-dictionary-search-xss(17152)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17152"},{"name":"12424","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/12424"},{"name":"9393","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/9393"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-08-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"xoops-dictionary-letter-xss(17154)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17154"},{"name":"9394","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/9394"},{"tags":["x_refsource_MISC"],"url":"http://cyruxnet.org/modulo_dic_xoops.htm"},{"name":"11064","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/11064"},{"name":"20040828 Cross Site Scripting in XOOPS Version 2.x Dictionary module","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=109394077209963&w=2"},{"name":"xoops-dictionary-search-xss(17152)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17152"},{"name":"12424","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/12424"},{"name":"9393","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/9393"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-1640","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"xoops-dictionary-letter-xss(17154)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17154"},{"name":"9394","refsource":"OSVDB","url":"http://www.osvdb.org/9394"},{"name":"http://cyruxnet.org/modulo_dic_xoops.htm","refsource":"MISC","url":"http://cyruxnet.org/modulo_dic_xoops.htm"},{"name":"11064","refsource":"BID","url":"http://www.securityfocus.com/bid/11064"},{"name":"20040828 Cross Site Scripting in XOOPS Version 2.x Dictionary module","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=109394077209963&w=2"},{"name":"xoops-dictionary-search-xss(17152)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17152"},{"name":"12424","refsource":"SECUNIA","url":"http://secunia.com/advisories/12424"},{"name":"9393","refsource":"OSVDB","url":"http://www.osvdb.org/9393"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-1640","datePublished":"2005-02-20T05:00:00.000Z","dateReserved":"2005-02-21T00:00:00.000Z","dateUpdated":"2024-08-08T01:00:36.779Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-08-28 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:xoops:xoops_dictionary:0.94:*:*:*:*:*:*:*","matchCriteriaId":"488E423F-275F-4C9D-AD1D-386E95900E6C"},{"vulnerable":false,"criteria":"cpe:2.3:a:xoops:xoops_dictionary:1.0:*:*:*:*:*:*:*","matchCriteriaId":"4B7EC920-3B37-448C-AD54-1B6872477CC7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"1640","Ordinal":"1","Title":"CVE-2004-1640","CVE":"CVE-2004-1640","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"1640","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.","Type":"Description","Title":"CVE-2004-1640"},{"CveYear":"2004","CveId":"1640","Ordinal":"2","NoteData":"2005-02-20","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"1640","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}