CVE-2005-3473
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
Affected products
n/a · n/a
public PoCs found — 3
exploitdb www.exploit-db.com/exploits/26463 (unverified)
exploitdb www.exploit-db.com/exploits/26461 (unverified)
exploitdb www.exploit-db.com/exploits/26462 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/17404
http://securityreason.com/securityalert/138
http://www.osvdb.org/20436
http://www.osvdb.org/20437
http://www.osvdb.org/20438
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0511-001.txt
http://www.securityfocus.com/archive/1/415463
http://www.securityfocus.com/bid/15283