Vulnerabilities > CVE-2005-3014 - HTML Injection vulnerability in Ensim Webppliance 3.0/3.1/3.1.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | WEBPPLIANCE_OCW_LOGIN_USERNAME_XSS.NASL |
| description | The remote host is running WEBppliance, a web hosting control panel for Windows and Linux from Ensim. The installed version of WEBppliance is prone to cross-site scripting attacks because it fails to sanitize user-supplied input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19781 |
| published | 2005-09-27 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19781 |
| title | WEBppliance ocw_login_username Parameter XSS |