CVE-2005-2674 - Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Lan

CVE-2005-2674

Summary

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

References

Vulnerable Configurations

cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*
cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-04-2024 - 00:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	14619
bugtraq	20050820 Bugs Land Down Under v800
misc	http://www.neocrome.net
sectrack	1014747

Last major update

11-04-2024 - 00:39

Published

23-08-2005 - 04:00

Last modified

11-04-2024 - 00:39