Lucene search

MitreCVE-2005-0928

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0928

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve-2005-0928

cross-site scripting

xss

photopost php pro

nvd

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

Affected configurations

Nvd

Node

photopostphotopost_php_proMatch5.02

VendorProductVersionCPE
photopostphotopost_php_pro5.02cpe:2.3:a:photopost:photopost_php_pro:5.02:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
photopost	photopost_php_pro	5.02	cpe:2.3:a:photopost:photopost_php_pro:5.02:::::::*

References

marc.info/?l=bugtraq&m=111205342909640&w=2

secunia.com/advisories/14742

securitytracker.com/id?1013581

www.osvdb.org/15096

www.osvdb.org/15097

www.osvdb.org/15098

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.6%

JSON

Related for CVE-2005-0928