Unrated severity · NVD Advisory · Published Apr 30, 2004 · Updated Apr 16, 2026

CVE-2004-1979

Description

PROPS 0.6.1 is vulnerable to cross-site scripting via the search_string parameter in do_search.php, allowing arbitrary HTML/script injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in PROPS version 0.6.1 in the do_search.php script. The search_string parameter is not properly sanitized before being reflected in the page output, enabling injection of arbitrary HTML or web script. The vulnerable code path is triggered when a user performs a search operation. [1]

Exploitation

An attacker can exploit this by crafting a URL with malicious code in the search_string parameter. No authentication is required; the only precondition is that a victim visits the crafted link. For example, an attacker could use: http://target/props/do_search.php?search_string=. [1]
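
As an added example (not part of the advisory or of PROPS), a log triage check for the request pattern described above: it scans access-log lines for do_search.php requests whose search_string decodes to text containing angle brackets. The combined log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Angle brackets mark HTML injected into a reflected value. Quotes are left
# out because they appear in ordinary searches (triage heuristic).
MARKUP_RE = re.compile(r"[<>]")

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2004:10:00:01 +0000] "GET /props/do_search.php?search_string=city+council HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/May/2004:10:02:17 +0000] "GET /props/do_search.php?search_string=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '192.0.2.44 - - [01/May/2004:10:02:40 +0000] "GET /props/do_search.php?search_string=%253Cb%253Ex HTTP/1.1" 200 5188',
    '192.0.2.71 - - [01/May/2004:10:05:03 +0000] "GET /props/index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_searches(log_lines):
    """Return (line_number, decoded search_string) for do_search.php requests
    whose search_string contains < or > after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith("/do_search.php"):
            continue  # only the script named in the advisory
        # parse_qs decodes once; decode_fully catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("search_string", []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_searches(SAMPLE_LOG):
        print(f"line {number}: search_string={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.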

Impact

Successful exploitation allows the attacker to execute arbitrary HTML or JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, or phishing attacks against users of the vulnerable PROPS application. [1]

Mitigation

According to the release notes for PROPS, version 0.6.2 was released on 2004-04-30 to address this vulnerability [2]. Users should upgrade to PROPS 0.6.2 or later. No workarounds are documented in the available references.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Props/Props (2 versions)
    • cpe:2.3:a:props:props:0.6.1:*:*:*:*:*:*:*
    • (no CPE), range: =0.6.1

Patches

0

No patches discovered yet.

References

4
