Vulnerability Description
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Handicapper | Php Handicapper | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/17412Vendor Advisory
- http://www.osvdb.org/20479
- http://www.osvdb.org/20480
- http://www.securityfocus.com/bid/15294
- http://www.vupen.com/english/advisories/2005/2292Vendor Advisory
- http://www.zone-h.org/advisories/read/id=8360
- http://secunia.com/advisories/17412Vendor Advisory
- http://www.osvdb.org/20479
- http://www.osvdb.org/20480
- http://www.securityfocus.com/bid/15294
- http://www.vupen.com/english/advisories/2005/2292Vendor Advisory
- http://www.zone-h.org/advisories/read/id=8360
FAQ
What is CVE-2005-3496?
CVE-2005-3496 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vecto...
How severe is CVE-2005-3496?
CVE-2005-3496 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3496?
Check the references section above for vendor advisories and patch information. Affected products include: Php Handicapper Php Handicapper.