Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2550

Description

SandSurfer before 1.7.1 contains multiple XSS vulnerabilities in unspecified Perl scripts, allowing injected scripts to execute via reports.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities exist in unspecified Perl scripts in SandSurfer versions before 1.7.1 [1]. The flaws allow remote attackers to inject arbitrary web script or HTML into data that is later rendered in reports [1].

Exploitation

An attacker can inject malicious script or HTML via the vulnerable Perl scripts without requiring authentication, as the input is not sanitized [1]. The injected payload is stored and executed when a target user views the reports containing the injected data [1].

Impact

Successful exploitation leads to arbitrary script execution in the context of the victim's browser when viewing reports [1]. This can result in information disclosure, session hijacking, or other client-side attacks [1].

Mitigation

Upgrade to SandSurfer version 1.7.1 or later, which addresses the vulnerabilities [1]. No workarounds are disclosed in the available references [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • cpe:2.3:a:xperience:sandsurfer:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xperience:sandsurfer:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xperience:sandsurfer:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:xperience:sandsurfer:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xperience:sandsurfer:1.7.0:*:*:*:*:*:*:*
  • (no CPE) range: <1.7.1

Patches

0

No patches discovered yet.

References

5
