Vulnerabilities > CVE-2005-1012 - Cross-Site Scripting vulnerability in SiteEnable
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | SITEENABLE_SORTBY_SQL_INJECTION.NASL |
| description | The remote host is running a version of the SiteEnable CMS package that has several vulnerabilities : - SQL Injection Vulnerability Due to a failure to properly sanitize user input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17970 |
| published | 2005-04-05 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17970 |
| title | SiteEnable Multiple Input Validation Vulnerabilities |