Vulnerabilities > CVE-2005-2638 - Unspecified vulnerability in PHPfreenews 1.40
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpfreenews
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description PHPFreeNews 1.40 SearchResults.php Multiple Parameter XSS. CVE-2005-2638. Webapps exploit for php platform id EDB-ID:26161 last seen 2016-02-03 modified 2005-08-17 published 2005-08-17 reporter h4cky source https://www.exploit-db.com/download/26161/ title PHPFreeNews 1.40 - SearchResults.php Multiple Parameter XSS description PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS. CVE-2005-2638. Webapps exploit for php platform id EDB-ID:26160 last seen 2016-02-03 modified 2005-08-17 published 2005-08-17 reporter h4cky source https://www.exploit-db.com/download/26160/ title PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS
References
- http://marc.info/?l=bugtraq&m=112439254700016&w=2
- http://marc.info/?l=bugtraq&m=112439254700016&w=2
- http://secunia.com/advisories/16490/
- http://secunia.com/advisories/16490/
- http://securitytracker.com/id?1014726
- http://securitytracker.com/id?1014726
- http://www.securityfocus.com/bid/14590
- http://www.securityfocus.com/bid/14590