Back to search
CVE-2005-3473
Published: Nov 3, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20051102 Simple PHP Blog: Multiple XSS Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
138
third-party-advisory
x_refsource_SREASON
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0511-001.txt
x_refsource_MISC
20436
vdb-entry
x_refsource_OSVDB
20437
vdb-entry
x_refsource_OSVDB
17404
third-party-advisory
x_refsource_SECUNIA
20438
vdb-entry
x_refsource_OSVDB
15283
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now