CVE-2005-1075 - Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attack

CVE-2005-1075

Summary

Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.

References

http://secunia.com/advisories/14906
http://www.digitalparadox.org/advisories/rga.txt
http://www.osvdb.org/15430
http://www.osvdb.org/15431
http://www.securityfocus.com/archive/1/395527
http://www.securityfocus.com/bid/13080
https://exchange.xforce.ibmcloud.com/vulnerabilities/20038

Vulnerable Configurations

cpe:2.3:a:radscripts:radbids:2:*:gold:*:*:*:*:*
cpe:2.3:a:radscripts:radbids:2:*:gold:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	13080
bugtraq	20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2
misc	http://www.digitalparadox.org/advisories/rga.txt
osvdb	15430 15431
secunia	14906
xf	radbids-gold-php-xss(20038)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32