Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2138

Description

Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.

Affected products

Allwebscripts/Mysqlguest
cpe:2.3:a:allwebscripts:mysqlguest:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.computerknights.org/forum_viewtopic.phpnvdExploitURL Repurposed
securitytracker.com/idnvd
www.securityfocus.com/bid/11234nvd
exchange.xforce.ibmcloud.com/vulnerabilities/17462nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000