Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0670

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-0670
Last Modified 05 Sep 2008 04:46:58
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-0670

Summary

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.

Vulnerable Systems

Application

  • Coinsoft Technologies Phpcoin 1.2

  • Coinsoft Technologies Phpcoin 1.2.1

  • Coinsoft Technologies Phpcoin 1.2.1b


References

SECUNIA - 14439

CONFIRM - http://forums.phpcoin.com/index.php?showtopic=4116

XF - phpcoin-xss(19572)

BID - 12686

SECTRACK - 1013329

MISC - http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html

CONFIRM - http://forums.phpcoin.com/index.php?showtopic=4118

CONFIRM - http://forums.phpcoin.com/index.php?showtopic=4101


Last Updated: 27 May 2016 10:39:53