Vulnerabilities > CVE-2005-2064 - Cross-Site Scripting vulnerability in Asp-Nuke 0.80

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
asp-nuke
exploit available
NVD
Published: 2005-06-29
Updated: 2016-10-18

Summary

Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp.

Vulnerable Configurations

Part Description Count
Application
Asp-Nuke
1

Exploit-Db

  • descriptionASPNuke 0.80 forgot_password.asp email Parameter XSS. CVE-2005-2064. Webapps exploit for asp platform
    idEDB-ID:25905
    last seen2016-02-03
    modified2005-06-27
    published2005-06-27
    reporterAlberto Trivero
    sourcehttps://www.exploit-db.com/download/25905/
    titleASPNuke 0.80 forgot_password.asp email Parameter XSS
  • descriptionASPNuke 0.80 register.asp Multiple Parameter XSS. CVE-2005-2064 . Webapps exploit for asp platform
    idEDB-ID:25906
    last seen2016-02-03
    modified2005-06-27
    published2005-06-27
    reporterAlberto Trivero
    sourcehttps://www.exploit-db.com/download/25906/
    titleASPNuke 0.80 register.asp Multiple Parameter XSS

References