Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pwsphp | Pwsphp | 1.2.2 |
References
- http://marc.info/?l=bugtraq&m=111565808024581&w=2
- http://secunia.com/advisories/15315Vendor Advisory
- http://www.osvdb.org/16228
- http://www.osvdb.org/16229
- http://www.osvdb.org/16230
- http://www.osvdb.org/16231
- http://www.osvdb.org/16232
- http://www.vupen.com/english/advisories/2005/0503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20500
- http://marc.info/?l=bugtraq&m=111565808024581&w=2
- http://secunia.com/advisories/15315Vendor Advisory
- http://www.osvdb.org/16228
- http://www.osvdb.org/16229
- http://www.osvdb.org/16230
- http://www.osvdb.org/16231
FAQ
What is CVE-2005-1508?
CVE-2005-1508 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbra...
How severe is CVE-2005-1508?
CVE-2005-1508 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1508?
Check the references section above for vendor advisories and patch information. Affected products include: Pwsphp Pwsphp.