CVE-2004-2113
Description
Cross-site scripting vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary script via the URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary script via the URL.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in BremsServer version 1.2.4 [2]. The server fails to properly filter user-supplied input in the URL, allowing malicious script to be echoed back in the response page [2]. No authentication or special configuration is required to reach the vulnerable code path.
Exploitation
An attacker can exploit this by crafting a URL containing script tags, such as http://[host]/ [2]. When a victim visits this URL, the script executes in the context of the vulnerable server. No prior authentication or network position beyond sending the link is required.
Impact
Successful exploitation allows arbitrary web script or HTML injection [1][2]. An attacker can execute JavaScript in the victim's browser, potentially stealing cookies, session tokens, or performing actions on behalf of the user within the scope of the BremsServer domain.
Mitigation
The vendor stated that the bug would be fixed in the next version of BremsServer [2]. Users should check the official website (http://www.herberlin.de/) for updates. No workaround is provided. There is no indication that this CVE is on the KEV list.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:herberlin:bremsserver:1.2.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:herberlin:bremsserver:1.2.4:*:*:*:*:*:*:*
- (no CPE)range: =1.2.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.