Vulnerabilities > CVE-2005-4627 - Cross-Site Scripting vulnerability in GMailSite

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

gfhost

gmailsite

exploit available

NVD

Published: 2005-12-31

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

Vulnerable Configurations

Part	Description	Count
Application	Gfhost Gfhost Gfhost 0.1.1 Gfhost Gfhost 0.2 Gfhost Gfhost 0.3 Gfhost Gfhost 0.4 Gfhost Gfhost 0.4.1 Gfhost Gfhost 0.4.2	6
Application	Gmailsite Gmailsite Gmailsite 1.0 Gmailsite Gmailsite 1.0.1 Gmailsite Gmailsite 1.0.2 Gmailsite Gmailsite 1.0.3 Gmailsite Gmailsite 1.0.4	5

Exploit-Db

description	GMailSite 1.0.x Cross-Site Scripting Vulnerability. CVE-2005-4627. Webapps exploit for php platform
id	EDB-ID:26989
last seen	2016-02-03
modified	2005-12-29
published	2005-12-29
reporter	Lostmon
source	https://www.exploit-db.com/download/26989/
title	GMailSite 1.0.x - Cross-Site Scripting Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References