Search criteria
1 vulnerability by magpierss
CVE-2005-3955 (GCVE-0-2005-3955)
Vulnerability from cvelistv5 – Published: 2005-12-01 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2005-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015264"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/JAWS_062_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/JAWS_062_sql.html"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1366743\u0026group_id=127552\u0026atid=708847"
},
{
"name": "jaws-magpieslashbox-xss(27337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337"
},
{
"name": "20842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20842"
},
{
"name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/35"
},
{
"name": "17741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17741"
},
{
"name": "1015264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015264"
},
{
"name": "http://www.jaws-project.com/index.php?blog/show/29",
"refsource": "MISC",
"url": "http://www.jaws-project.com/index.php?blog/show/29"
},
{
"name": "21113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21113"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "20060626 Jaws \u003c= 0.6.2 \u0027Search gadget\u0027 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded"
},
{
"name": "21112",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21112"
},
{
"name": "ADV-2006-2546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2546"
},
{
"name": "21643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21643"
},
{
"name": "18665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3955",
"datePublished": "2005-12-01T11:00:00.000Z",
"dateReserved": "2005-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}