Vulnerabilities > CVE-2005-3959 - Cross-Site Scripting vulnerability in Freewebstat 1.0Rev37

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

freewebstat

exploit available

NVD

Published: 2005-12-01

Updated: 2018-10-19

Summary

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.

Vulnerable Configurations

Part	Description	Count
Application	Freewebstat Freewebstat Freewebstat 1.0_Rev37	1

Exploit-Db

description	FreeWebStat 1.0 Multiple Cross-Site Scripting Vulnerabilities. CVE-2005-3959. Webapps exploit for php platform
id	EDB-ID:26635
last seen	2016-02-03
modified	2005-11-28
published	2005-11-28
reporter	Francesco Ongaro
source	https://www.exploit-db.com/download/26635/
title	FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References