Vulnerabilities > CVE-2005-2950 - Unspecified vulnerability in Sawmill
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sawmill
nessus
Summary
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | SAWMILL_7_1_14.NASL |
| description | The version of Sawmill running on the remote web server is affected by a cross-site scripting vulnerability due to improper validation of user-supplied input appended to a GET request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19681 |
| published | 2005-09-12 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19681 |
| title | Sawmill < 7.1.14 GET Request Query String XSS |
References
- http://marc.info/?l=bugtraq&m=112654659400488&w=2
- http://marc.info/?l=bugtraq&m=112654659400488&w=2
- http://secunia.com/advisories/16744/
- http://secunia.com/advisories/16744/
- http://securityreason.com/securityalert/1
- http://securityreason.com/securityalert/1
- http://www.nta-monitor.com/news/xss/sawmill/index.htm
- http://www.nta-monitor.com/news/xss/sawmill/index.htm
- http://www.sawmill.net/version_history.html
- http://www.sawmill.net/version_history.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22206