[email protected]CVE-2005-0870

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0870

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

xss

phpsysinfo

security vulnerability

remote injection

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

CPENameOperatorVersion
phpsysinfo:phpsysinfophpsysinfoeq2.3

CPE	Name	Operator	Version
phpsysinfo:phpsysinfo	phpsysinfo	eq	2.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118

marc.info/?l=bugtraq&m=111161017209422&w=2

secunia.com/advisories/14690/

secunia.com/advisories/17616

secunia.com/advisories/17643

www.debian.org/security/2005/dsa-724

www.debian.org/security/2005/dsa-897

www.debian.org/security/2005/dsa-898

www.debian.org/security/2005/dsa-899

www.mandriva.com/security/advisories?name=MDKSA-2005:212

www.securityfocus.com/archive/1/416543

www.securityfocus.com/bid/12887

www.securityfocus.com/bid/15414

exchange.xforce.ibmcloud.com/vulnerabilities/19807

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2005-0870

nessus7 ubuntucve1 debian8 openvas10 debiancve1 osv4 freebsd1 packetstorm1 securityvulns1