CVE-2005-3473 - Input Validation vulnerability in Alexander Palmo Simple PHP Blog 0.4.5

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
alexander-palmo
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or the (4) scheme_name and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.

Vulnerable Configurations

Part | Description | Count
Application | Alexander_Palmo | 1

Exploit-Db

  • description: Simple PHP Blog 0.4 preview_cgi.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
    id: EDB-ID:26461
    last seen: 2016-02-03
    modified: 2005-11-02
    published: 2005-11-02
    reporter: [email protected]
    source: https://www.exploit-db.com/download/26461/
    title: Simple PHP Blog 0.4 preview_cgi.php Multiple Parameter XSS
  • description: Simple PHP Blog 0.4 colors.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
    id: EDB-ID:26463
    last seen: 2016-02-03
    modified: 2005-11-02
    published: 2005-11-02
    reporter: [email protected]
    source: https://www.exploit-db.com/download/26463/
    title: Simple PHP Blog 0.4 colors.php Multiple Parameter XSS
  • description: Simple PHP Blog 0.4 preview_static_cgi.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
    id: EDB-ID:26462
    last seen: 2016-02-03
    modified: 2005-11-02
    published: 2005-11-02
    reporter: [email protected]
    source: https://www.exploit-db.com/download/26462/
    title: Simple PHP Blog 0.4 preview_static_cgi.php Multiple Parameter XSS