CVE-2005-0485

Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=110863062605906&w=2	Exploit Third Party Advisory
http://www.securityfocus.com/bid/12576	Exploit Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19359
http://marc.info/?l=bugtraq&m=110863062605906&w=2	Exploit Third Party Advisory
http://www.securityfocus.com/bid/12576	Exploit Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19359

Configurations

Configuration 1 (hide)

cpe:2.3:a:phparena:panews:2.0b4:*:*:*:*:*:*:*

History

20 Nov 2024, 23:55

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110863062605906&w=2 - Exploit, Third Party Advisory~~	() http://marc.info/?l=bugtraq&m=110863062605906&w=2 - Exploit, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/12576 - Exploit, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/12576 - Exploit, Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/19359 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/19359 -

Information

Published : 2005-03-30 05:00

Updated : 2024-11-20 23:55

NVD link : CVE-2005-0485

Mitre link : CVE-2005-0485

CVE.ORG link : CVE-2005-0485

JSON object : View

Products Affected

phparena

panews

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2005-0485", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-03-30T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110863062605906&w=2", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12576", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19359", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110863062605906&w=2", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12576", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19359", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en comment.php para paNews 2.0b4 de PHP Arena permite a atacantes remotos la inyecci\u00f3n de HTML arbitrario y scripts web, mediante el par\u00e1metro showpost."}], "lastModified": "2024-11-20T23:55:14.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phparena:panews:2.0b4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "931AE43C-DDB3-4D3F-824C-A6C5ADDC5756"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}