Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3959

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3959
Last Modified 07 Mar 2011 09:27:26
Published 01 Dec 2005 01:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3959

Summary

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.

Vulnerable Systems

Application

  • Freewebstat 1.0 Rev37


References

VUPEN - ADV-2005-2646

MISC - http://www.ush.it/2005/11/25/free-web-stat/

BID - 15601

BUGTRAQ - 20051128 Free Web Stat Multiple XSS Vulnerabilities

MISC - http://www.freewebstat.com/changelog-english.html

SECUNIA - 17783

XF - freewebstat-stat-search-xss(23391)

XF - freewebstat-logdb-xss(23387)

OSVDB - 21207

SECTRACK - 1015301


Last Updated: 27 May 2016 10:41:07