{"api_version":"1","generated_at":"2026-05-13T02:29:38+00:00","cve":"CVE-2004-2757","urls":{"html":"https://cve.report/CVE-2004-2757","api":"https://cve.report/api/cve/CVE-2004-2757.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-2757","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-2757"},"summary":{"title":"CVE-2004-2757","description":"Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/9412","name":"http://www.securityfocus.com/bid/9412","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell iChain Web Server Failed Login Page Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14873","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14873","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm","name":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"TID-10080762 NESSUS scan results against iChain 2.2 and iChain 2.3 ( 09JUL2004)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/10653","name":"http://secunia.com/advisories/10653","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Novell iChain \"url\" Parameter Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-2757","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-2757","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"2757","vulnerable":"1","versionEndIncluding":"2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"ichain","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2757","vulnerable":"1","versionEndIncluding":"2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"ichain","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2757","vulnerable":"1","versionEndIncluding":"2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"ichain","cpe6":"*","cpe7":"sp1a","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2757","vulnerable":"1","versionEndIncluding":"2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"ichain","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2757","vulnerable":"1","versionEndIncluding":"2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"ichain","cpe6":"*","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:36:25.367Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"10653","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/10653"},{"name":"ichain-url-xss(14873)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14873"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm"},{"name":"9412","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/9412"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-01-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"10653","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/10653"},{"name":"ichain-url-xss(14873)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14873"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm"},{"name":"9412","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/9412"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-2757","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"10653","refsource":"SECUNIA","url":"http://secunia.com/advisories/10653"},{"name":"ichain-url-xss(14873)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14873"},{"name":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm","refsource":"CONFIRM","url":"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm"},{"name":"9412","refsource":"BID","url":"http://www.securityfocus.com/bid/9412"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-2757","datePublished":"2007-11-20T02:00:00.000Z","dateReserved":"2007-11-19T00:00:00.000Z","dateUpdated":"2024-08-08T01:36:25.367Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:novell:ichain:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2","matchCriteriaId":"E515888D-84AA-4815-B0C1-28CE52E5CDA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:ichain:*:sp1:*:*:*:*:*:*","versionEndIncluding":"2.2","matchCriteriaId":"C46A5CED-54C9-4583-B417-2257DF70FE1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:ichain:*:sp1a:*:*:*:*:*:*","versionEndIncluding":"2.2","matchCriteriaId":"0F5E2295-13C5-42D5-A6A0-6282F0F77C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:ichain:*:sp2:*:*:*:*:*:*","versionEndIncluding":"2.2","matchCriteriaId":"C53A9678-1F5B-4AEE-8377-A20C85863BCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:ichain:*:sp3:*:*:*:*:*:*","versionEndIncluding":"2.2","matchCriteriaId":"5B5C45A8-E799-471A-81A5-85E3D2AA80E9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"2757","Ordinal":"1","Title":"CVE-2004-2757","CVE":"CVE-2004-2757","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"2757","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.","Type":"Description","Title":"CVE-2004-2757"},{"CveYear":"2004","CveId":"2757","Ordinal":"2","NoteData":"2007-11-19","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"2757","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}