CVE-2005-1803

EPSS 1.8%

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.

Affected products

n/a · n/a

public PoCs found — 6

exploitdbwww.exploit-db.com/exploits/25742unverified exploitdbwww.exploit-db.com/exploits/25750unverified exploitdbwww.exploit-db.com/exploits/25743unverified exploitdbwww.exploit-db.com/exploits/25747unverified exploitdbwww.exploit-db.com/exploits/25746unverified exploitdbwww.exploit-db.com/exploits/25744unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securitytracker.com/id?1014073 http://www.npds.org/download.php?op=geninfo&did=115 http://www.osvdb.org/16464 http://www.osvdb.org/16922