CVE-2005-1782

EPSS 5.1%

Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.

Affected products

n/a · n/a

public PoCs found — 9

exploitdbwww.exploit-db.com/exploits/25731unverified exploitdbwww.exploit-db.com/exploits/25734unverified exploitdbwww.exploit-db.com/exploits/25728unverified exploitdbwww.exploit-db.com/exploits/25727unverified exploitdbwww.exploit-db.com/exploits/25732unverified exploitdbwww.exploit-db.com/exploits/25730unverified exploitdbwww.exploit-db.com/exploits/25733unverified exploitdbwww.exploit-db.com/exploits/25729unverified exploitdbwww.exploit-db.com/exploits/25735unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html http://securitytracker.com/id?1014058 http://www.osvdb.org/16871 http://www.osvdb.org/16872 http://www.osvdb.org/16873 http://www.osvdb.org/16874 http://www.osvdb.org/16875 http://www.osvdb.org/16876 http://www.osvdb.org/16877 http://www.osvdb.org/16878 http://www.osvdb.org/16879 http://www.securityfocus.com/bid/13783