Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3552

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3552
Last Modified 13 Sep 2011 12:00:00
Published 16 Nov 2005 02:42:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3552

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.

Vulnerable Systems

Application

  • Phpkit 1.6.1


References

XF - phpkit-guestbook-xss(23009)

XF - phpkit-imcenter-xss(23008)

XF - phpkit-html-tags-xss(23007)

XF - phpkit-referer-xss(23006)

XF - phpkit-admin-xss(23004)

XF - phpkit-profile-userinfo-xss(23003)

VUPEN - ADV-2005-2344

BID - 15354

OSVDB - 20559

OSVDB - 20558

OSVDB - 20557

OSVDB - 20556

OSVDB - 20555

OSVDB - 20554

OSVDB - 20553

MISC - http://www.hardened-php.net/advisory_212005.80.html

SECTRACK - 1015167

SECUNIA - 17479

BUGTRAQ - 20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT


Last Updated: 27 May 2016 10:40:58