Vulnerabilities > CVE-2005-4307 - Cross-Site Scripting vulnerability in ScareCrow
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Exploit-Db
description ScareCrow 2.13 profile.cgi user Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform id EDB-ID:26862 last seen 2016-02-03 modified 2005-12-16 published 2005-12-16 reporter r0t3d3Vil source https://www.exploit-db.com/download/26862/ title ScareCrow 2.13 profile.cgi user Parameter XSS description ScareCrow 2.13 forum.cgi forum Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform id EDB-ID:26861 last seen 2016-02-03 modified 2005-12-16 published 2005-12-16 reporter r0t3d3Vil source https://www.exploit-db.com/download/26861/ title ScareCrow 2.13 forum.cgi forum Parameter XSS description ScareCrow 2.13 post.cgi forum Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform id EDB-ID:26863 last seen 2016-02-03 modified 2005-12-16 published 2005-12-16 reporter r0t3d3Vil source https://www.exploit-db.com/download/26863/ title ScareCrow 2.13 post.cgi forum Parameter XSS