CVE-2004-0310

medium

Description

Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15268

http://www.securityfocus.com/bid/9700

http://marc.info/?l=bugtraq&m=107722627800820&w=2

Details

Source: Mitre, NVD

Published: 2004-11-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00828