Vulnerability Description
Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Class-1 | Class-1 Forum | 0.23.2 |
| Clever Copy | Clever Copy | All versions |
References
- http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.htmlExploitVendor Advisory
- http://secunia.com/advisories/16078Vendor Advisory
- http://securitytracker.com/id?1014485Exploit
- http://securitytracker.com/id?1014486Exploit
- http://www.osvdb.org/17920
- http://www.securityfocus.com/bid/14261
- http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.htmlExploitVendor Advisory
- http://secunia.com/advisories/16078Vendor Advisory
- http://securitytracker.com/id?1014485Exploit
- http://securitytracker.com/id?1014486Exploit
- http://www.osvdb.org/17920
- http://www.securityfocus.com/bid/14261
FAQ
What is CVE-2005-2322?
CVE-2005-2322 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_...
How severe is CVE-2005-2322?
CVE-2005-2322 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2322?
Check the references section above for vendor advisories and patch information. Affected products include: Class-1 Class-1 Forum, Clever Copy Clever Copy.