CVE-2005-0628 - Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject

CVE-2005-0628

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.

References

http://marc.info/?l=bugtraq&m=110971101826900&w=2
http://secunia.com/advisories/14418
http://www.securityfocus.com/bid/12689

Vulnerable Configurations

cpe:2.3:a:demof:forumwa:v1:*:*:*:*:*:*:*
cpe:2.3:a:demof:forumwa:v1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:13)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	12689
bugtraq	20050301 Forumwa search.php xss vulnerability
secunia	14418

Last major update

18-10-2016 - 03:13

Published

01-03-2005 - 05:00

Last modified

18-10-2016 - 03:13