CVE-2003-0736 - Cross-Site Scripting vulnerability in Phpwebsite

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, phpwebsite, nessus, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search module, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.

Vulnerable Configurations

Part: Application
Description: Phpwebsite
Count: 1

Exploit-Db

  • description: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS. CVE-2003-0736. Webapps exploit for php platform
    id: EDB-ID:23014
    last seen: 2016-02-02
    modified: 2003-08-11
    published: 2003-08-11
    reporter: Lorenzo Hernandez Garcia-Hierro
    source: https://www.exploit-db.com/download/23014/
    title: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS
  • description: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS. CVE-2003-0736. Webapps exploit for php platform
    id: EDB-ID:23016
    last seen: 2016-02-02
    modified: 2003-08-11
    published: 2003-08-11
    reporter: Lorenzo Hernandez Garcia-Hierro
    source: https://www.exploit-db.com/download/23016/
    title: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS
  • description: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 search Module PDA_limit Parameter XSS. CVE-2003-0736. Webapps exploit for php platform
    id: EDB-ID:23017
    last seen: 2016-02-02
    modified: 2003-08-11
    published: 2003-08-11
    reporter: Lorenzo Hernandez Garcia-Hierro
    source: https://www.exploit-db.com/download/23017/
    title: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 search Module PDA_limit Parameter XSS
  • description: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module fatcat_id Parameter XSS. CVE-2003-0736. Webapps exploit for php platform
    id: EDB-ID:23015
    last seen: 2016-02-02
    modified: 2003-08-11
    published: 2003-08-11
    reporter: Lorenzo Hernandez Garcia-Hierro
    source: https://www.exploit-db.com/download/23015/
    title: phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module fatcat_id Parameter XSS

Nessus

NASL family: CGI abuses
NASL id: PHPWEBSITE_MULTIPLE_FLAWS.NASL
description: There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain control of the remote database, or to disable this site entirely.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11816
published: 2003-08-11
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11816
title: phpWebSite < 0.9.x Multiple Vulnerabilities