Vulnerabilities > CVE-2005-1605 - HTML Injection vulnerability in Positive Software Corporation SiteStudio

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

positive-software

NVD

Published: 2005-05-16

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.

Vulnerable Configurations

Part	Description	Count
Application	Positive_Software Positive Software Sitestudio 1.6_Final Positive Software Sitestudio 1.6_Patch_1	2

References

http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt
http://secunia.com/advisories/15286
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html
http://www.osvdb.org/16240
http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html
http://www.psoft.net/SS/ss_16_security_update_guestbook.html
http://www.securityfocus.com/bid/13554
https://exchange.xforce.ibmcloud.com/vulnerabilities/20496