Vulnerabilities > CVE-2005-1508 - Cross-Site Scripting vulnerability in Pwsphp 1.2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses : XSS |
NASL id | PWSPHP_XSS.NASL |
description | The remote host runs PWSPHP (Portail Web System) a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18216 |
published | 2005-05-10 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18216 |
title | PwsPHP profil.php id Parameter XSS |
code |
|
References
- http://marc.info/?l=bugtraq&m=111565808024581&w=2
- http://secunia.com/advisories/15315
- http://www.osvdb.org/16228
- http://www.osvdb.org/16229
- http://www.osvdb.org/16230
- http://www.osvdb.org/16231
- http://www.osvdb.org/16232
- http://www.vupen.com/english/advisories/2005/0503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20500