Vulnerabilities > CVE-2005-0674 - HTML Injection vulnerability in PHP Arena Pabox 1.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

php-arena

NVD

Published: 2005-03-03

Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.

Vulnerable Configurations

Part	Description	Count
Application	Php_Arena PHP Arena Pabox 1.6	1

References

http://marc.info/?l=bugtraq&m=110987537431541&w=2
http://secunia.com/advisories/14474
http://securitytracker.com/id?1013363
http://www.securityfocus.com/bid/12719