ID: OSVDB:21832
Type: osvdb
Reporter: r0t(krustevs@googlemail.com)
Modified: 2005-12-17T10:18:26
Description
Vulnerability Description
contenite contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
{"id": "OSVDB:21832", "bulletinFamily": "software", "title": "contenite home.php id Variable XSS", "description": "## Vulnerability Description\ncontenite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\ncontenite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/home.php?id=[XSS]\n## References:\nVendor URL: http://contenite.de/\n[Secunia Advisory ID:18144](https://secuniaresearch.flexerasoftware.com/advisories/18144/)\nOther Advisory URL: http://pridels.blogspot.com/2005/12/contenite-xss-vuln.html\n[CVE-2005-4387](https://vulners.com/cve/CVE-2005-4387)\nBugtraq ID: 15942\n", "published": "2005-12-17T10:18:26", "modified": "2005-12-17T10:18:26", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:21832", "reporter": "r0t(krustevs@googlemail.com)", "references": [], "cvelist": ["CVE-2005-4387"], "type": "osvdb", "lastseen": "2017-04-28T13:20:18", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "8bfa32554751cb46223d4730776373f0"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": 
"cvelist", "hash": "3bcdf66642a96333fc7b6049115d4636"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "e986028022a6b2cbb31263689c90e169"}, {"key": "href", "hash": "273014135b899a509c29f3e0bc0fd239"}, {"key": "modified", "hash": "6b896fb7f23d477eb77450a76c5d41dd"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6b896fb7f23d477eb77450a76c5d41dd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "03dc8b773aeffb68c06b0976b3061a22"}, {"key": "title", "hash": "4490cec6f4e5d4f42cc78607236d1821"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "ec1fd05078f3183c9c3da955004e884ea57810c28fa0b22f7bf9dc7683c3a6cf", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "contenite", "operator": "eq", "version": "0.11"}], "enchantments": {"vulnersScore": 3.5}}
{"result": {"cve": [{"id": "CVE-2005-4387", "type": "cve", "title": "CVE-2005-4387", "description": "Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.", "published": "2005-12-19T21:03:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4387", "cvelist": ["CVE-2005-4387"], "lastseen": "2016-09-03T06:10:44"}]}}