← back
CVE-2005-4262

CVE-2005-4262

EPSS 1.0%
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/26818unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/18069http://securitytracker.com/id?1015351http://www.osvdb.org/21751http://www.securityfocus.com/bid/15857http://www.vupen.com/english/advisories/2005/2927