CVE-2005-1189 - Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attacke

CVE-2005-1189

Summary

Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. The vulnerability has reportedly been fixed in the beta version 2.16.478.

References

http://secunia.com/advisories/14999
http://securitytracker.com/id?1013753
https://exchange.xforce.ibmcloud.com/vulnerabilities/20166

Vulnerable Configurations

cpe:2.3:a:webcamxp:webcamxp_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:webcamxp:webcamxp_pro:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

sectrack	1013753
secunia	14999
xf	webcamxp-chat-xss(20166)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32