3 matches found
CVE-2005-0881
Interspire ArticleLive 2005 (PHP) contains a cross-site scripting (XSS) vulnerability in the articles.newcomment function, exploitable via the Articleld parameter to inject arbitrary script/HTML. The CVE-2005-0881 entry corresponds to this issue. Public details describe the vulnerability but do n...
CVE-2005-1483
Interspire ArticleLive 2005 is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script/HTML via the Query, Username, LastName, Biography, or BlogId parameters. A Nessus plugin also notes a session-handling flaw that could enable remote attackers to gain adm...
CVE-2005-1482
CVE-2005-1482 affects ArticleLive 2005. Remote attackers can gain privileges by modifying the (1) auth and (2) userId fields in a cookie. The provided sources describe the cookie-tampering vulnerability and resulting privilege escalation; no explicit patch/remediation is detailed in the supplied ...