CVE-2005-2539

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.

Reference

http://marc.info/?l=bugtraq&m=112327238030127&w=2
http://secunia.com/advisories/16330
http://www.osvdb.org/18551
http://www.osvdb.org/18552
http://www.osvdb.org/18553
http://www.rgod.altervista.org/flatnuke.html
http://www.securityfocus.com/bid/14483
https://exchange.xforce.ibmcloud.com/vulnerabilities/21707
https://exchange.xforce.ibmcloud.com/vulnerabilities/21708

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

10-08-2005 - 04:00