Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3308

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3308
Last Modified 07 Mar 2011 09:26:15
Published 25 Oct 2005 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3308

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.

Vulnerable Systems

Application

  • Zomplog 3.3

  • Zomplog 3.4


References

XF - zomplog-multiple-scripts-xss(22828)

SECTRACK - 1015088

SECUNIA - 17306

BUGTRAQ - 20051022 Zomplog Script Injection Vulnerability =>3.4 (all versions

BID - 15168

OSVDB - 20255

OSVDB - 20254

OSVDB - 20253


Last Updated: 27 May 2016 10:40:52