CVE-2005-2441 - Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbit

CVE-2005-2441

Summary

Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.

References

http://marc.info/?l=bugtraq&m=112300586019568&w=2
http://secunia.com/advisories/16220
http://securitytracker.com/id?1014614
http://www.osvdb.org/18662
http://www.osvdb.org/18663
http://www.securityfocus.com/archive/1/426874/100/0/threaded
http://www.securityfocus.com/bid/14423
https://exchange.xforce.ibmcloud.com/vulnerabilities/21680

Vulnerable Configurations

cpe:2.3:a:vbzoom:vbzoom:*:*:*:*:*:*:*:*
cpe:2.3:a:vbzoom:vbzoom:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-10-2018 - 15:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	14423
bugtraq	20050729 VBZoom Cross Site Scripting Vulnerabilities 20060306 SQL injection & XSS IN vbzoom v1.11
osvdb	18662 18663
sectrack	1014614
secunia	16220
xf	vbzoom-profile-login-xss(21680)

Last major update

19-10-2018 - 15:32

Published

03-08-2005 - 04:00

Last modified

19-10-2018 - 15:32