Vulnerabilities > CVE-2005-0914 - Cross-Site Scripting vulnerability in Cpg-Nuke CPG Dragonfly CMS 9.0.2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | CPGNUKE_MULTIPLE_XSS.NASL |
| description | The version of CPG Dragonfly / CPG-Nuke CMS installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to several variables in various modules. An attacker can exploit these flaws to steal cookie-based authentication credentials and perform other such attacks. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17647 |
| published | 2005-03-29 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17647 |
| title | CPG Dragonfly Multiple XSS |