Vulnerabilities > CVE-2005-0914 - Unspecified vulnerability in Cpg-Nuke CPG Dragonfly CMS 9.0.2.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cpg-nuke
nessus
NVD
Published: 2005-03-26
Updated: 2024-11-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.

Vulnerable Configurations

Part Description Count
Application
Cpg-Nuke
1

Nessus

NASL familyCGI abuses : XSS
NASL idCPGNUKE_MULTIPLE_XSS.NASL
descriptionThe version of CPG Dragonfly / CPG-Nuke CMS installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to several variables in various modules. An attacker can exploit these flaws to steal cookie-based authentication credentials and perform other such attacks.
last seen2020-06-01
modified2020-06-02
plugin id17647
published2005-03-29
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17647
titleCPG Dragonfly Multiple XSS

References