Vulnerabilities > CVE-2005-4490 - Cross-Site Scripting vulnerability in Commercial Interactive Media SCOOP!

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
commercial-interactive-media
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp.

Vulnerable Configurations

Part Description Count
Application
Commercial_Interactive_Media
1

Exploit-Db

  • descriptionCommercial Interactive Media SCOOP! 2.3 articleSearch.asp XSS. CVE-2005-4490. Webapps exploit for asp platform
    idEDB-ID:26940
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26940/
    titleCommercial Interactive Media SCOOP! 2.3 articleSearch.asp XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 requestDemo.asp Invalid Parameter XSS. CVE-2005-4490. Webapps exploit for asp platform
    idEDB-ID:26946
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26946/
    titleCommercial Interactive Media SCOOP! 2.3 requestDemo.asp Invalid Parameter XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 account_login.asp Multiple Parameter XSS. CVE-2005-4490 . Webapps exploit for asp platform
    idEDB-ID:26942
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26942/
    titleCommercial Interactive Media SCOOP! 2.3 account_login.asp Multiple Parameter XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 articleZone.asp Invalid Parameter XSS. CVE-2005-4490. Webapps exploit for asp platform
    idEDB-ID:26944
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26944/
    titleCommercial Interactive Media SCOOP! 2.3 articleZone.asp Invalid Parameter XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 lostPassword.asp Multiple Parameter XSS. CVE-2005-4490 . Webapps exploit for asp platform
    idEDB-ID:26941
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26941/
    titleCommercial Interactive Media SCOOP! 2.3 lostPassword.asp Multiple Parameter XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 category.asp Multiple Parameter XSS. CVE-2005-4490. Webapps exploit for asp platform
    idEDB-ID:26943
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26943/
    titleCommercial Interactive Media SCOOP! 2.3 category.asp Multiple Parameter XSS
  • descriptionCommercial Interactive Media SCOOP! 2.3 prePurchaserRegistration.asp Invalid Parameter XSS. CVE-2005-4490. Webapps exploit for asp platform
    idEDB-ID:26945
    last seen2016-02-03
    modified2005-12-21
    published2005-12-21
    reporterr0t3d3Vil
    sourcehttps://www.exploit-db.com/download/26945/
    titleCommercial Interactive Media SCOOP! 2.3 prePurchaserRegistration.asp Invalid Parameter XSS