Lucene search
Copyright (C) 2004 David MaciejakOPENVAS:136141256231014685HistoryNov 03, 2005 - 12:00 a.m.
PsNews XSS
2005-11-0300:00:00
Copyright (C) 2004 David Maciejak
plugins.openvas.org
32
6.1 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
The remote server is running a version of PsNews (a content management system)
which is older than 1.2.
This version is affected by multiple cross-site scripting flaws. An attacker
may exploit these to steal the cookies from legitimate users of this website.
# SPDX-FileCopyrightText: 2004 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Ref: Michal Blaszczak <wacky nicponie org>
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.14685");
script_version("2023-12-13T05:05:23+0000");
script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_cve_id("CVE-2004-1665");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11124");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("PsNews XSS");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2004 David Maciejak");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"solution", value:"Upgrade to a newer version.");
script_tag(name:"summary", value:"The remote server is running a version of PsNews (a content management system)
which is older than 1.2.
This version is affected by multiple cross-site scripting flaws. An attacker
may exploit these to steal the cookies from legitimate users of this website.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod", value:"50"); # No extra check, prone to false positives and doesn't match existing qod_types
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );
host = http_host_name( dont_add_port:TRUE );
if( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );
foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" ) dir = "";
url = dir + "/index.php?function=show_all&no=%253cscript>foo%253c/script>";
if( http_vuln_check( port:port, url:url, pattern:"<script>foo</script>", check_header:TRUE ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
url = dir + "/index.php?function=add_kom&no=<script>foo</script>";
if( http_vuln_check( port:port, url:url, pattern:"<script>foo</script>", check_header:TRUE ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 99 );
References
Related
nessus
nessus
PsNews index.php Multiple Parameter XSS
2004-09-08 00:00:00
cve
cve
CVE-2004-1665
2004-09-05 04:00:00
6.1 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
Related for OPENVAS:136141256231014685