Lucene search

[email protected]CVE-2005-0270

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0270

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0270

reviewpost php pro

xss

vulnerabilities

web script

html

remote attackers

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.

Affected configurations

NVD

Node

photopostreviewpost_php_proRange≤2.84

photopostreviewpost_php_proMatch1.0.2

photopostreviewpost_php_proMatch2.5

photopostreviewpost_php_proMatch2.5.1

CPENameOperatorVersion
photopost:reviewpost_php_prophotopost reviewpost php prole2.84
photopost:reviewpost_php_prophotopost reviewpost php proeq1.0.2
photopost:reviewpost_php_prophotopost reviewpost php proeq2.5
photopost:reviewpost_php_prophotopost reviewpost php proeq2.5.1

CPE	Name	Operator	Version
photopost:reviewpost_php_pro	photopost reviewpost php pro	le	2.84
photopost:reviewpost_php_pro	photopost reviewpost php pro	eq	1.0.2
photopost:reviewpost_php_pro	photopost reviewpost php pro	eq	2.5
photopost:reviewpost_php_pro	photopost reviewpost php pro	eq	2.5.1

References

marc.info/?l=bugtraq&m=110485682424110&w=2

secunia.com/advisories/13697/

www.gulftech.org/?node=research&article_id=00062-01022005

exchange.xforce.ibmcloud.com/vulnerabilities/18731

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2005-0270

nvd1 cvelist1 exploitpack1 exploitdb1