CVE-2005-4485

EPSS 2.7%

Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.

Affected products

n/a · n/a

public PoCs found — 7

exploitdbwww.exploit-db.com/exploits/26932unverified exploitdbwww.exploit-db.com/exploits/26936unverified exploitdbwww.exploit-db.com/exploits/26930unverified exploitdbwww.exploit-db.com/exploits/26935unverified exploitdbwww.exploit-db.com/exploits/26934unverified exploitdbwww.exploit-db.com/exploits/26931unverified exploitdbwww.exploit-db.com/exploits/26933unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html http://secunia.com/advisories/18199 http://www.osvdb.org/21962 http://www.osvdb.org/21963 http://www.osvdb.org/21964 http://www.osvdb.org/21965 http://www.osvdb.org/21966 http://www.osvdb.org/21967 http://www.osvdb.org/21968 http://www.securityfocus.com/bid/16011 http://www.vupen.com/english/advisories/2005/3040