Vulnerability Description
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jonathan Bravata | Scarecrow | <= 2.13 |
References
- http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html
- http://secunia.com/advisories/18084Vendor Advisory
- http://www.osvdb.org/21777
- http://www.osvdb.org/21778
- http://www.osvdb.org/21779
- http://www.securityfocus.com/bid/15915Exploit
- http://www.vupen.com/english/advisories/2005/2937
- http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html
- http://secunia.com/advisories/18084Vendor Advisory
- http://www.osvdb.org/21777
- http://www.osvdb.org/21778
- http://www.osvdb.org/21779
- http://www.securityfocus.com/bid/15915Exploit
- http://www.vupen.com/english/advisories/2005/2937
FAQ
What is CVE-2005-4307?
CVE-2005-4307 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) ...
How severe is CVE-2005-4307?
CVE-2005-4307 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4307?
Check the references section above for vendor advisories and patch information. Affected products include: Jonathan Bravata Scarecrow.