CVE-2005-3473 - Input Validation vulnerability in Alexander Palmo Simple PHP Blog 0.4.5
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or the (4) scheme_name and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
- id: EDB-ID:26461
  - title: Simple PHP Blog 0.4 preview_cgi.php Multiple Parameter XSS
  - description: Simple PHP Blog 0.4 preview_cgi.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
  - published: 2005-11-02
  - modified: 2005-11-02
  - last seen: 2016-02-03
  - reporter: [email protected]
  - source: https://www.exploit-db.com/download/26461/
- id: EDB-ID:26463
  - title: Simple PHP Blog 0.4 colors.php Multiple Parameter XSS
  - description: Simple PHP Blog 0.4 colors.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
  - published: 2005-11-02
  - modified: 2005-11-02
  - last seen: 2016-02-03
  - reporter: [email protected]
  - source: https://www.exploit-db.com/download/26463/
- id: EDB-ID:26462
  - title: Simple PHP Blog 0.4 preview_static_cgi.php Multiple Parameter XSS
  - description: Simple PHP Blog 0.4 preview_static_cgi.php Multiple Parameter XSS. CVE-2005-3473. Webapps exploit for cgi platform
  - published: 2005-11-02
  - modified: 2005-11-02
  - last seen: 2016-02-03
  - reporter: [email protected]
  - source: https://www.exploit-db.com/download/26462/
References
- http://secunia.com/advisories/17404
- http://securityreason.com/securityalert/138
- http://www.osvdb.org/20436
- http://www.osvdb.org/20437
- http://www.osvdb.org/20438
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0511-001.txt
- http://www.securityfocus.com/archive/1/415463
- http://www.securityfocus.com/bid/15283