Vulnerabilities > CVE-2005-4307 - Cross-Site Scripting vulnerability in ScareCrow

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

jonathan-bravata

exploit available

NVD

Published: 2005-12-17

Updated: 2011-03-08

Summary

Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.

Vulnerable Configurations

Part	Description	Count
Application	Jonathan_Bravata Jonathan Bravata Scarecrow 2.00_Beta Jonathan Bravata Scarecrow 2.01_Beta Jonathan Bravata Scarecrow 2.10 Jonathan Bravata Scarecrow 2.11 Jonathan Bravata Scarecrow 2.12 Jonathan Bravata Scarecrow *	6

Exploit-Db

description	ScareCrow 2.13 profile.cgi user Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform
id	EDB-ID:26862
last seen	2016-02-03
modified	2005-12-16
published	2005-12-16
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26862/
title	ScareCrow 2.13 profile.cgi user Parameter XSS

description	ScareCrow 2.13 forum.cgi forum Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform
id	EDB-ID:26861
last seen	2016-02-03
modified	2005-12-16
published	2005-12-16
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26861/
title	ScareCrow 2.13 forum.cgi forum Parameter XSS

description	ScareCrow 2.13 post.cgi forum Parameter XSS. CVE-2005-4307. Webapps exploit for cgi platform
id	EDB-ID:26863
last seen	2016-02-03
modified	2005-12-16
published	2005-12-16
reporter	r0t3d3Vil
source	https://www.exploit-db.com/download/26863/
title	ScareCrow 2.13 post.cgi forum Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References