← back
CVE-2005-2488

CVE-2005-2488

EPSS 1.8%
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/26068unverifiedexploitdbwww.exploit-db.com/exploits/26067unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/16317http://securitytracker.com/id?1014616https://exchange.xforce.ibmcloud.com/vulnerabilities/21689http://www.rgod.altervista.org/webc.htmlhttp://www.securityfocus.com/bid/14464