CVE-2005-3814 - Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject

CVE-2005-3814

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php.

References

http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359
http://nightmaresecurity.net/index.php?showtopic=1015
http://www.securityfocus.com/bid/15567
http://secunia.com/advisories/17736
http://www.osvdb.org/21090
http://www.osvdb.org/21091
http://www.osvdb.org/21092
http://securitytracker.com/id?1015259
http://www.vupen.com/english/advisories/2005/2581

Vulnerable Configurations

cpe:2.3:a:orbitscripts:smartppc_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:orbitscripts:smartppc_pro:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15567
misc	http://nightmaresecurity.net/index.php?showtopic=1015 http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359
osvdb	21090 21091 21092
sectrack	1015259
secunia	17736
vupen	ADV-2005-2581

Last major update

14-02-2024 - 01:17

Published

26-11-2005 - 02:03

Last modified

14-02-2024 - 01:17