Lucene search

[email protected]CVE-2005-1508

HistoryMay 11, 2005 - 4:00 a.m.

CVE-2005-1508

2005-05-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

1508

cross-site scripting

xss

pwsphp

web script

html

remote attackers

injection

vulnerability

news module

stats module

profil.php

memberlist.php

recherche module

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.

CPENameOperatorVersion
pwsphp:pwsphppwsphpeq1.2.2

CPE	Name	Operator	Version
pwsphp:pwsphp	pwsphp	eq	1.2.2

References

marc.info/?l=bugtraq&m=111565808024581&w=2

secunia.com/advisories/15315

www.osvdb.org/16228

www.osvdb.org/16229

www.osvdb.org/16230

www.osvdb.org/16231

www.osvdb.org/16232

www.vupen.com/english/advisories/2005/0503

exchange.xforce.ibmcloud.com/vulnerabilities/20500

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2005-1508

nessus1 openvas1