CVE-2005-4012 - Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers

CVE-2005-4012

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.

References

Vulnerable Configurations

cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*
cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15603
bugtraq	20051128 Php Web Statistik Multiple Vulnerabilities
misc	http://freewebstat.com/changelog-english.html http://www.ush.it/2005/11/19/php-web-statistik/
osvdb	21208 21212
secunia	17789
vupen	ADV-2005-2645
xf	phpwebstatistik-referer-xss(23385) phpwebstatistik-stat-xss(23379)

Last major update

20-07-2017 - 01:29

Published

05-12-2005 - 11:03

Last modified

20-07-2017 - 01:29