CVE-2004-2564 - Sporting Clay

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows and possibly other versions on Linux allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.

Reference

http://www.oliverkarow.de/research/sambar.txt http://www.securityfocus.com/bid/10444 http://www.osvdb.org/6583 http://www.osvdb.org/6584 http://securitytracker.com/id?1010353 http://secunia.com/advisories/11748 https://exchange.xforce.ibmcloud.com/vulnerabilities/16286