Vulnerabilities > CVE-2005-2467 - Cross-Site Scripting vulnerability in MySQL Eventum

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
mysql
exploit available
NVD
Published: 2005-12-31
Updated: 2016-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

Vulnerable Configurations

Part Description Count
Application
Mysql
8

Exploit-Db

  • descriptionMySQL AB Eventum 1.x view.php id Parameter XSS. CVE-2005-2467 . Webapps exploit for php platform
    idEDB-ID:26056
    last seen2016-02-03
    modified2005-08-01
    published2005-08-01
    reporterJames Bercegay
    sourcehttps://www.exploit-db.com/download/26056/
    titleMySQL AB Eventum 1.x view.php id Parameter XSS
  • descriptionMySQL AB Eventum 1.x list.php release Parameter XSS. CVE-2005-2467. Webapps exploit for php platform
    idEDB-ID:26057
    last seen2016-02-03
    modified2005-08-01
    published2005-08-01
    reporterJames Bercegay
    sourcehttps://www.exploit-db.com/download/26057/
    titleMySQL AB Eventum 1.x list.php release Parameter XSS

References