CVE-2005-4012 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php Web	Statistik

Configuration 1 [-]

cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html
http://freewebstat.com/changelog-english.html
http://secunia.com/advisories/17789
http://www.osvdb.org/21208
http://www.osvdb.org/21212
http://www.securityfocus.com/bid/15603
http://www.ush.it/2005/11/19/php-web-statistik/
http://www.vupen.com/english/advisories/2005/2645
https://exchange.xforce.ibmcloud.com/vulnerabilities/23379
https://exchange.xforce.ibmcloud.com/vulnerabilities/23385

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-05T11:00:00

Updated: 2024-08-07T23:31:48.930Z

Reserved: 2005-12-05T00:00:00

Link: CVE-2005-4012

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-05T11:03:00.000

Modified: 2017-07-20T01:29:08.423

Link: CVE-2005-4012

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-19T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2005-2645", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2645"}, {"tags": ["x_refsource_MISC"], "url": "http://freewebstat.com/changelog-english.html"}, {"name": "21212", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21212"}, {"name": "phpwebstatistik-referer-xss(23385)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385"}, {"name": "20051128 Php Web Statistik Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"}, {"name": "21208", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21208"}, {"name": "17789", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17789"}, {"name": "15603", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15603"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ush.it/2005/11/19/php-web-statistik/"}, {"name": "phpwebstatistik-stat-xss(23379)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2005-2645", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2645"}, {"name": "http://freewebstat.com/changelog-english.html", "refsource": "MISC", "url": "http://freewebstat.com/changelog-english.html"}, {"name": "21212", "refsource": "OSVDB", "url": "http://www.osvdb.org/21212"}, {"name": "phpwebstatistik-referer-xss(23385)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385"}, {"name": "20051128 Php Web Statistik Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"}, {"name": "21208", "refsource": "OSVDB", "url": "http://www.osvdb.org/21208"}, {"name": "17789", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17789"}, {"name": "15603", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15603"}, {"name": "http://www.ush.it/2005/11/19/php-web-statistik/", "refsource": "MISC", "url": "http://www.ush.it/2005/11/19/php-web-statistik/"}, {"name": "phpwebstatistik-stat-xss(23379)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:31:48.930Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2005-2645", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2645"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://freewebstat.com/changelog-english.html"}, {"name": "21212", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21212"}, {"name": "phpwebstatistik-referer-xss(23385)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385"}, {"name": "20051128 Php Web Statistik Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"}, {"name": "21208", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21208"}, {"name": "17789", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17789"}, {"name": "15603", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15603"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ush.it/2005/11/19/php-web-statistik/"}, {"name": "phpwebstatistik-stat-xss(23379)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4012", "datePublished": "2005-12-05T11:00:00", "dateReserved": "2005-12-05T00:00:00", "dateUpdated": "2024-08-07T23:31:48.930Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CCFDF7-0F66-4F82-AAF7-8A6216B06144", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php."}], "id": "CVE-2005-4012", "lastModified": "2017-07-20T01:29:08.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-05T11:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"}, {"source": "cve@mitre.org", "url": "http://freewebstat.com/changelog-english.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17789"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21208"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21212"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15603"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.ush.it/2005/11/19/php-web-statistik/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2645"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}