Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2005-4307
Last Modified 07 Mar 2011 09:27:59
Published 16 Dec 2005 07:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4307

Summary

Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.

Vulnerable Systems

Application

  • Jonathan Bravata Scarecrow 2.00 Beta

  • Jonathan Bravata Scarecrow 2.01 Beta

  • Jonathan Bravata Scarecrow 2.10

  • Jonathan Bravata Scarecrow 2.11

  • Jonathan Bravata Scarecrow 2.12

  • Jonathan Bravata Scarecrow 2.13


References

VUPEN - ADV-2005-2937

BID - 15915

OSVDB - 21779

OSVDB - 21778

OSVDB - 21777

SECUNIA - 18084

MISC - http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html


Last Updated: 27 May 2016 10:41:15