Search criteria
4 vulnerabilities by moxiecode
CVE-2013-0237 (GCVE-0-2013-0237)
Vulnerability from cvelistv5 – Published: 2013-07-08 20:00 – Updated: 2024-09-16 22:21
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=904122 | x_refsource_CONFIRM |
| http://codex.wordpress.org/Version_3.5.1 | x_refsource_CONFIRM |
| https://github.com/moxiecode/plupload/commit/2d74… | x_refsource_CONFIRM |
| http://wordpress.org/news/2013/01/wordpress-3-5-1/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-08T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=904122",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=904122"
},
{
"name": "http://codex.wordpress.org/Version_3.5.1",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.5.1"
},
{
"name": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5",
"refsource": "CONFIRM",
"url": "https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5"
},
{
"name": "http://wordpress.org/news/2013/01/wordpress-3-5-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/01/wordpress-3-5-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0237",
"datePublished": "2013-07-08T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:09.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2401 (GCVE-0-2012-2401)
Vulnerability from cvelistv5 – Published: 2012-04-21 23:00 – Updated: 2024-08-06 19:34
VLAI
Summary
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://osvdb.org/81461 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/49138 | third-party-advisoryx_refsource_SECUNIA |
| http://www.plupload.com/punbb/viewtopic.php?id=1685 | x_refsource_CONFIRM |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2470 | vendor-advisoryx_refsource_DEBIAN |
| https://nealpoole.com/blog/2012/05/xss-and-csrf-v… | x_refsource_MISC |
| http://core.trac.wordpress.org/browser/branches/3… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/53192 | vdb-entryx_refsource_BID |
| http://wordpress.org/news/2012/04/wordpress-3-3-2/ | x_refsource_CONFIRM |
Date Public
2012-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81461",
"refsource": "OSVDB",
"url": "http://osvdb.org/81461"
},
{
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name": "http://www.plupload.com/punbb/viewtopic.php?id=1685",
"refsource": "CONFIRM",
"url": "http://www.plupload.com/punbb/viewtopic.php?id=1685"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
},
{
"name": "wordpress-plupload-sec-bypass(75208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
},
{
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"name": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/",
"refsource": "MISC",
"url": "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
},
{
"name": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
},
{
"name": "53192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53192"
},
{
"name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2401",
"datePublished": "2012-04-21T23:00:00.000Z",
"dateReserved": "2012-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:34:24.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4600 (GCVE-0-2005-4600)
Vulnerability from cvelistv5 – Published: 2006-01-01 23:00 – Updated: 2024-08-07 23:53
VLAI
Summary
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://tinymce.moxiecode.com/punbb/viewtopic.php?… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/4441 | exploitx_refsource_EXPLOIT-DB |
| http://tinymce.moxiecode.com/punbb/viewtopic.php?… | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/306 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/18262 | third-party-advisoryx_refsource_SECUNIA |
| http://www.hardened-php.net/advisory_262005.111.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/420543/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/16083 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1015424 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/22116 | vdb-entryx_refsource_OSVDB |
Date Public
2005-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:27.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "4441",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/306"
},
{
"name": "18262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18262"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "izicontents-tinymcegzip-directory-traversal(36736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36736"
},
{
"name": "16083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015424"
},
{
"name": "22116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "4441",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/306"
},
{
"name": "18262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18262"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "izicontents-tinymcegzip-directory-traversal(36736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36736"
},
{
"name": "16083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015424"
},
{
"name": "22116",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "4441",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4441"
},
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "306",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/306"
},
{
"name": "18262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18262"
},
{
"name": "http://www.hardened-php.net/advisory_262005.111.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "izicontents-tinymcegzip-directory-traversal(36736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36736"
},
{
"name": "16083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015424"
},
{
"name": "22116",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4600",
"datePublished": "2006-01-01T23:00:00.000Z",
"dateReserved": "2006-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:53:27.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4599 (GCVE-0-2005-4599)
Vulnerability from cvelistv5 – Published: 2006-01-01 23:00 – Updated: 2024-08-07 23:53
VLAI
Summary
Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://tinymce.moxiecode.com/punbb/viewtopic.php?… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/22117 | vdb-entryx_refsource_OSVDB |
| http://tinymce.moxiecode.com/punbb/viewtopic.php?… | x_refsource_CONFIRM |
| http://secunia.com/advisories/18262 | third-party-advisoryx_refsource_SECUNIA |
| http://www.hardened-php.net/advisory_262005.111.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/420543/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/16083 | vdb-entryx_refsource_BID |
| http://securitytracker.com/id?1015424 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:27.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "tinymce-compressor-xss(23906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906"
},
{
"name": "22117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "18262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18262"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "16083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015424"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "tinymce-compressor-xss(23906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906"
},
{
"name": "22117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "18262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18262"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "16083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015424"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "tinymce-compressor-xss(23906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906"
},
{
"name": "22117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22117"
},
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "18262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18262"
},
{
"name": "http://www.hardened-php.net/advisory_262005.111.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "16083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015424"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4599",
"datePublished": "2006-01-01T23:00:00.000Z",
"dateReserved": "2006-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:53:27.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}