Vulnerability Details : CVE-2005-0870
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2005-0870
- cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0870
- 0.90%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0870
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2005-0870
- http://www.securityfocus.com/archive/1/416543
- http://www.debian.org/security/2005/dsa-724
  [SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
  #301118 - phpsysinfo: Various full path disclosure and cross-site-scripting issues - Debian Bug report logs
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
  phpSysInfo sensor_program parameter cross-site scripting CVE-2005-0870 Vulnerability Report
- http://www.securityfocus.com/bid/12887
- http://www.debian.org/security/2005/dsa-897
  [SECURITY] [DSA 897-1] New phpsysinfo packages fix several vulnerabilities
- http://www.debian.org/security/2005/dsa-899
  [SECURITY] [DSA 899-1] New egroupware packages fix several vulnerabilities
- http://marc.info/?l=bugtraq&m=111161017209422&w=2
  '[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities' - MARC
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
  Mandriva
- http://www.debian.org/security/2005/dsa-898
  [SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
- http://www.securityfocus.com/bid/15414