Vulnerabilities > CVE-2005-2322 - Cross-Site Scripting vulnerability in Class-1 Forum

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

class-1

clever-copy

NVD

Published: 2005-07-19

Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php.

Vulnerable Configurations

Part	Description	Count
Application	Class-1 Class 1 Class 1 Forum 0.23.2 Class 1 Class 1 Forum 0.24.4	2
Application	Clever_Copy Clever Copy Clever Copy *	1

References

http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html
http://secunia.com/advisories/16078
http://securitytracker.com/id?1014485
http://securitytracker.com/id?1014486
http://www.osvdb.org/17920
http://www.securityfocus.com/bid/14261