VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2497

CVE-2004-2497

Description

Cross-site scripting vulnerability in Hitachi Web Page Generator 4.01 and earlier when debug mode is on, allowing arbitrary script injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in Hitachi Web Page Generator 4.01 and earlier when debug mode is on, allowing arbitrary script injection.

Vulnerability

Cross-site scripting (XSS) vulnerability in the error handler of Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier. The issue occurs when using the default error template and debug mode is set to ON, allowing remote attackers to inject arbitrary web script or HTML via unknown attack vectors [1].

Exploitation

Attack vectors are not fully disclosed, but exploitation requires the debug mode to be enabled and the default error template to be in use. An attacker likely crafts a malicious request that triggers an error, injecting script into the error response. User interaction (e.g., clicking a crafted link) may be needed to deliver the payload [1].

Impact

Successful exploitation allows an attacker to inject arbitrary web script or HTML, leading to potential session hijacking, website defacement, or theft of sensitive user data within the context of the vulnerable site.

Mitigation

No specific patch version is detailed in the reference; however, the vendor likely addressed the issue in a later release. Mitigations include updating to a version beyond 4.01, disabling debug mode, or using a custom error template [1].

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15
  • Hitachi/Web Page Generator Enterprise15 versions
    cpe:2.3:a:hitachi:web_page_generator:01_00:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:hitachi:web_page_generator:01_00:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator:01_01_c:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator:02_00:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator:02_00_c:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:03_00:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:03_02_c:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:03_03:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:03_03_c:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:03_03_d:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:04_00:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:04_00_c:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:04_01:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:web_page_generator_enterprise:04_01_b:*:*:*:*:*:*:*
    • (no CPE)range: <=4.01
    • (no CPE)range: <=4.01

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.