CVE-2005-1492 - Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allow

CVE-2005-1492

Summary

Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References

Vulnerable Configurations

cpe:2.3:a:gossamer_threads:gossamer_threads_links:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gossamer_threads:gossamer_threads_links:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gossamer_threads:gossamer_threads_links:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gossamer_threads:gossamer_threads_links:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gossamer_threads:gossamer_threads_links-sql:3.0:*:*:*:*:*:*:*
cpe:2.3:a:gossamer_threads:gossamer_threads_links-sql:3.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	13484
bugtraq	20050504 Gossamer Threads Links SQL login XSS Vulnerability
confirm	http://gossamer-threads.com/perl/gforum/gforum.cgi?post=281029; http://www.gossamer-threads.com/forum/Gossamer_Links_3.0.1_Released_P280986/
osvdb	16189
sectrack	1013891
secunia	15253
xf	links-usercgi-addcgi-xss(20415)

Last major update

11-07-2017 - 01:32

Published

11-05-2005 - 04:00

Last modified

11-07-2017 - 01:32