Vulnerabilities > CVE-2005-2638 - Cross-Site Scripting vulnerability in PHPfreenews 1.40
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description PHPFreeNews 1.40 SearchResults.php Multiple Parameter XSS. CVE-2005-2638. Webapps exploit for php platform id EDB-ID:26161 last seen 2016-02-03 modified 2005-08-17 published 2005-08-17 reporter h4cky source https://www.exploit-db.com/download/26161/ title PHPFreeNews 1.40 - SearchResults.php Multiple Parameter XSS description PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS. CVE-2005-2638. Webapps exploit for php platform id EDB-ID:26160 last seen 2016-02-03 modified 2005-08-17 published 2005-08-17 reporter h4cky source https://www.exploit-db.com/download/26160/ title PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS