| Vulnerability Name: | CCN-20836 | ||||||
| Published: | 2005-05-29 | ||||||
| Updated: | 2005-05-29 | ||||||
| Summary: | Net Portal Dynamic System (NPDS) is vulnerable to script injection caused by improper validation of user-supplied input in the reply.php script in the image_subject parameter. A remote attacker could send a specially-crafted URL request to the reply.php script containing malicious script to the image_subject parameter which, once the link is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: NPDS Web site Index - NPDS Source: CCN Type: BID-13803 NPDS Multiple Input Validation Vulnerabilities Source: XF Type: UNKNOWN npds-reply-script-injection(20836) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||