Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Jun 16, 2026

CVE-2003-1204

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.

Affected products

Mambo (software)/Site Serverllm-fuzzy
Range: <=4.0.12 BETA

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/306206nvdExploit
www.osvdb.org/7495nvd
www.osvdb.org/7496nvd
www.osvdb.org/7497nvd
www.osvdb.org/7498nvd
www.osvdb.org/7499nvd
www.osvdb.org/7500nvd
www.osvdb.org/7501nvd
www.osvdb.org/7502nvd
www.osvdb.org/7503nvd
www.osvdb.org/7504nvd
www.osvdb.org/7505nvd
www.securityfocus.com/bid/6571nvd
exchange.xforce.ibmcloud.com/vulnerabilities/11050nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000