CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
77.4%
According to its banner, the remote host is running a version of paNews that fails to sanitize input to the ‘showpost’ parameter of the ‘comment.php’ script before using it to generate dynamic web content. By coercing an unsuspecting user into visiting a malicious website, an attacker may be able to possibly steal credentials or execute browser-side code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(16479);
script_version("1.17");
script_cve_id("CVE-2005-0485");
script_bugtraq_id(12576);
script_name(english:"paNews comment.php showpost Parameter XSS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by a
cross-site scripting issue." );
script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of
paNews that fails to sanitize input to the 'showpost' parameter of the
'comment.php' script before using it to generate dynamic web content.
By coercing an unsuspecting user into visiting a malicious website, an
attacker may be able to possibly steal credentials or execute
browser-side code." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Feb/307" );
script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/16");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/02/17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks version of paNews");
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_dependencies("panews_detect.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
script_require_keys("www/panews");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);
# Test an install.
install = get_kb_item(string("www/", port, "/panews"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
ver = matches[1];
if (ver && ver =~ "^([0-1]\.|2\.0b[0-4])$")
{
security_warning(port);
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}
}