Search criteria
4 vulnerabilities found for blogbuddies by blogbuddies
CVE-2005-3954 (GCVE-0-2005-3954)
Vulnerability from cvelistv5 – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=514600",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3954",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3955 (GCVE-0-2005-3955)
Vulnerability from cvelistv5 – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "MISC",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3955",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3954 (GCVE-0-2005-3954)
Vulnerability from nvd – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=514600",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "blogbuddies-multiple-scripts-xss(23331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3954",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3955 (GCVE-0-2005-3955)
Vulnerability from nvd – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "MISC",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3955",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}