Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2005-3473

Published: 03/11/2005 Updated: 19/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Alexander Palmo

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.

Vulnerable Product Search on Vulmon Subscribe to Product

alexander palmo simple php blog 0.4.5

Exploits

Exploit DB: Simple PHP Blog 0.4 - 'preview_cgi.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context ...
Exploit DB: Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the con ...
Exploit DB: Simple PHP Blog 0.4 - 'preview_static_cgi.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the conte ...

References

NVD-CWE-Otherhttp://www.seclab.tuwien.ac.at/advisories/TUVSA-0511-001.txthttp://www.securityfocus.com/bid/15283http://secunia.com/advisories/17404http://www.osvdb.org/20436http://www.osvdb.org/20437http://www.osvdb.org/20438http://securityreason.com/securityalert/138http://www.securityfocus.com/archive/1/415463https://nvd.nist.govhttps://www.exploit-db.com/exploits/26461/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook