Lucene search

[email protected]CVE-2005-3473

HistoryNov 03, 2005 - 2:02 a.m.

CVE-2005-3473

2005-11-0302:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

3473

xss

cross-site scripting

simple php blog

web script

html

remote attackers

injection

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in © colors.php.

CPENameOperatorVersion
alexander_palmo:simple_php_blogalexander palmo simple php blogeq0.4.5

CPE	Name	Operator	Version
alexander_palmo:simple_php_blog	alexander palmo simple php blog	eq	0.4.5

References

secunia.com/advisories/17404

securityreason.com/securityalert/138

www.osvdb.org/20436

www.osvdb.org/20437

www.osvdb.org/20438

www.seclab.tuwien.ac.at/advisories/TUVSA-0511-001.txt

www.securityfocus.com/archive/1/415463

www.securityfocus.com/bid/15283

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

JSON