CVE-2005-2638

Properties

Published:
22.08.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    PHPFreeNews: PHPFreeNews

    Vulnerability description

    Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112439254700016&w=2
    BID: http://www.securityfocus.com/bid/14590
    SECUNIA: http://secunia.com/advisories/16490/
    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112439254700016&w=2
    SECTRACK: http://securitytracker.com/id?1014726