CVE-2004-1397
Description
UseModWiki 1.0 is vulnerable to cross-site scripting via an argument to wiki.pl, allowing arbitrary script injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
UseModWiki 1.0 is vulnerable to cross-site scripting via an argument to wiki.pl, allowing arbitrary script injection.
Vulnerability
UseModWiki 1.0 contains a cross-site scripting (XSS) vulnerability due to an input validation flaw in wiki.pl. An attacker can inject arbitrary web script or HTML by passing a malicious argument to the script. The advisory [1] confirms this affects UseModWiki 1.0.
Exploitation
An attacker can exploit this vulnerability remotely without authentication by crafting a URL such as http://[victim]/cgi-bin/wiki.pl?. If a victim clicks the link, the injected script executes in their browser session in the context of the affected site [1].
Impact
Successful exploitation allows an attacker to execute arbitrary script code in a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information [1].
Mitigation
As of the advisory publication date (2004-12-09), no fix was available from the vendor. No workaround was known [1]. Users should consider upgrading to a patched version if one becomes available or applying external input filtering.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2= 1.0+ 1 more
- (no CPE)range: = 1.0
- (no CPE)range: = 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.