Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3955

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3955
Last Modified 30 Jun 2015 09:04:27
Published 01 Dec 2005 01:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3955

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.

Vulnerable Systems

Application

  • Blogbuddies 0.3

  • Jaws 0.6.2

  • Magpierss 7.1


References

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847

SECUNIA - 17741

XF - jaws-magpieslashbox-xss(27337)

VUPEN - ADV-2006-2546

BID - 18665

BID - 15555

BUGTRAQ - 20060626 Jaws <= 0.6.2 'Search gadget' SQL injection

OSVDB - 21643

OSVDB - 21113

OSVDB - 21112

MISC - http://www.jaws-project.com/index.php?blog/show/29

SECTRACK - 1015264

SECUNIA - 20842

MISC - http://retrogod.altervista.org/JAWS_062_sql.html

FULLDISC - 20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities


Last Updated: 27 May 2016 11:09:04