CVE-2005-4167

Properties

Published:
10.12.2005
Updated:
19.01.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    eFiction Project: eFiction
    eFiction Project: eFiction

    Vulnerability description

    Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.

    References:

    BUGTRAQ: http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html
    http://rgod.altervista.org/efiction2_xpl.html: http://rgod.altervista.org/efiction2_xpl.html
    http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555: http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555
    BID: http://www.securityfocus.com/bid/15568
    SECUNIA: http://secunia.com/advisories/17777