Vulnerabilities > CVE-2005-1605 - HTML Injection vulnerability in Positive Software Corporation SiteStudio
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
positive-software
Summary
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt
- http://secunia.com/advisories/15286
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html
- http://www.osvdb.org/16240
- http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html
- http://www.psoft.net/SS/ss_16_security_update_guestbook.html
- http://www.securityfocus.com/bid/13554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20496