CVE-2005-4138 — MEDIUM (4.3)

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Thwboard	Thwboard Beta	2.8

References

http://kapda.ir/advisory-149.htmlExploitPatchVendor Advisory
http://www.securityfocus.com/archive/1/418837/100/0/threaded
http://www.securityfocus.com/bid/15763Patch
http://kapda.ir/advisory-149.htmlExploitPatchVendor Advisory
http://www.securityfocus.com/archive/1/418837/100/0/threaded
http://www.securityfocus.com/bid/15763Patch

FAQ

What is CVE-2005-4138?

CVE-2005-4138 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile...

How severe is CVE-2005-4138?

CVE-2005-4138 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4138?

Check the references section above for vendor advisories and patch information. Affected products include: Thwboard Thwboard Beta.