Vulnerabilities > CVE-2005-2467 - Cross-Site Scripting vulnerability in MySQL Eventum
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Exploit-Db
description MySQL AB Eventum 1.x view.php id Parameter XSS. CVE-2005-2467 . Webapps exploit for php platform id EDB-ID:26056 last seen 2016-02-03 modified 2005-08-01 published 2005-08-01 reporter James Bercegay source https://www.exploit-db.com/download/26056/ title MySQL AB Eventum 1.x view.php id Parameter XSS description MySQL AB Eventum 1.x list.php release Parameter XSS. CVE-2005-2467. Webapps exploit for php platform id EDB-ID:26057 last seen 2016-02-03 modified 2005-08-01 published 2005-08-01 reporter James Bercegay source https://www.exploit-db.com/download/26057/ title MySQL AB Eventum 1.x list.php release Parameter XSS
References
- http://lists.mysql.com/eventum-users/2072
- http://marc.info/?l=bugtraq&m=112292193807958&w=2
- http://secunia.com/advisories/16304
- http://securitytracker.com/id?1014603
- http://www.gulftech.org/?node=research&article_id=00093-07312005
- http://www.osvdb.org/18400
- http://www.osvdb.org/18401
- http://www.osvdb.org/18402
- http://www.securityfocus.com/bid/14436
- http://www.vupen.com/english/advisories/2005/1287