CVE-2005-3496
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
04/11/2005
Last modified:
03/04/2025
Description
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:php_handicapper:php_handicapper:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/17412
- http://www.osvdb.org/20479
- http://www.osvdb.org/20480
- http://www.securityfocus.com/bid/15294
- http://www.vupen.com/english/advisories/2005/2292
- http://www.zone-h.org/advisories/read/id=8360
- http://secunia.com/advisories/17412
- http://www.osvdb.org/20479
- http://www.osvdb.org/20480
- http://www.securityfocus.com/bid/15294
- http://www.vupen.com/english/advisories/2005/2292
- http://www.zone-h.org/advisories/read/id=8360