CVE-2005-2441

Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/14423
http://www.osvdb.org/18662
http://www.osvdb.org/18663
http://securitytracker.com/id?1014614
http://secunia.com/advisories/16220
http://marc.info/?l=bugtraq&m=112300586019568&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/21680
http://www.securityfocus.com/archive/1/426874/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:vbzoom:vbzoom:*:*:*:*:*:*:*:*

Information

Published : 2005-08-02 21:00

Updated : 2018-10-19 08:32

NVD link : CVE-2005-2441

Mitre link : CVE-2005-2441

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

vbzoom

vbzoom

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/14423", "name": "14423", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/18662", "name": "18662", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/18663", "name": "18663", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1014614", "name": "1014614", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/16220", "name": "16220", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=112300586019568&w=2", "name": "20050729 VBZoom Cross Site Scripting Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21680", "name": "vbzoom-profile-login-xss(21680)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/426874/100/0/threaded", "name": "20060306 SQL injection & XSS IN vbzoom v1.11", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2441", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-08-03T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vbzoom:vbzoom:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:32Z"}