Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1508

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2005-1508
Last Modified 07 Mar 2011 09:22:07
Published 11 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1508

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.

Vulnerable Systems

Application

  • Pwsphp 1.2.2


References

XF - pwsphp-mulitple-scripts-xss(20500)

VUPEN - ADV-2005-0503

OSVDB - 16232

OSVDB - 16231

OSVDB - 16230

OSVDB - 16229

OSVDB - 16228

SECUNIA - 15315

BUGTRAQ - 20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities


Last Updated: 27 May 2016 10:40:12