Lucene search
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.PANEWS_XSS.NASLHistoryFeb 16, 2005 - 12:00 a.m.
paNews comment.php showpost Parameter XSS
2005-02-1600:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
18
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.4%
According to its banner, the remote host is running a version of paNews that fails to sanitize input to the ‘showpost’ parameter of the ‘comment.php’ script before using it to generate dynamic web content. By coercing an unsuspecting user into visiting a malicious website, an attacker may be able to possibly steal credentials or execute browser-side code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(16479);
script_version("1.17");
script_cve_id("CVE-2005-0485");
script_bugtraq_id(12576);
script_name(english:"paNews comment.php showpost Parameter XSS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by a
cross-site scripting issue." );
script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of
paNews that fails to sanitize input to the 'showpost' parameter of the
'comment.php' script before using it to generate dynamic web content.
By coercing an unsuspecting user into visiting a malicious website, an
attacker may be able to possibly steal credentials or execute
browser-side code." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Feb/307" );
script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/16");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/02/17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks version of paNews");
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_dependencies("panews_detect.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
script_require_keys("www/panews");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);
# Test an install.
install = get_kb_item(string("www/", port, "/panews"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
ver = matches[1];
if (ver && ver =~ "^([0-1]\.|2\.0b[0-4])$")
{
security_warning(port);
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}
}
Related
cve
cve
CVE-2005-0485
2005-03-30 05:00:00
cvelist
cvelist
CVE-2005-0485
2005-02-19 05:00:00
nvd
nvd
CVE-2005-0485
2005-03-30 05:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.4%
Related for PANEWS_XSS.NASL