CVE-2005-3496 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php Handicapper	Php Handicapper

Configuration 1 [-]

cpe:2.3:a:php_handicapper:php_handicapper:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/17412
http://www.osvdb.org/20479
http://www.osvdb.org/20480
http://www.securityfocus.com/bid/15294
http://www.vupen.com/english/advisories/2005/2292
http://www.zone-h.org/advisories/read/id=8360

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-04T00:00:00

Updated: 2024-08-07T23:17:22.345Z

Reserved: 2005-11-03T00:00:00

Link: CVE-2005-3496

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-11-04T00:02:00.000

Modified: 2024-11-21T00:02:02.067

Link: CVE-2005-3496

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20479", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20479"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zone-h.org/advisories/read/id=8360"}, {"name": "15294", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15294"}, {"name": "ADV-2005-2292", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2292"}, {"name": "17412", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17412"}, {"name": "20480", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20480"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20479", "refsource": "OSVDB", "url": "http://www.osvdb.org/20479"}, {"name": "http://www.zone-h.org/advisories/read/id=8360", "refsource": "MISC", "url": "http://www.zone-h.org/advisories/read/id=8360"}, {"name": "15294", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15294"}, {"name": "ADV-2005-2292", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2292"}, {"name": "17412", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17412"}, {"name": "20480", "refsource": "OSVDB", "url": "http://www.osvdb.org/20480"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:17:22.345Z"}, "title": "CVE Program Container", "references": [{"name": "20479", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/20479"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zone-h.org/advisories/read/id=8360"}, {"name": "15294", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15294"}, {"name": "ADV-2005-2292", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2292"}, {"name": "17412", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17412"}, {"name": "20480", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/20480"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3496", "datePublished": "2005-11-04T00:00:00", "dateReserved": "2005-11-03T00:00:00", "dateUpdated": "2024-08-07T23:17:22.345Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_handicapper:php_handicapper:*:*:*:*:*:*:*:*", "matchCriteriaId": "974BBD4D-4995-471D-A1D8-63BE4450D739", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct."}], "id": "CVE-2005-3496", "lastModified": "2024-11-21T00:02:02.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-04T00:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17412"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20479"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20480"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15294"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2292"}, {"source": "cve@mitre.org", "url": "http://www.zone-h.org/advisories/read/id=8360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zone-h.org/advisories/read/id=8360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}