Vulnerability Name:

CVE-2005-1803 (CCN-20834)

Assigned:2005-05-29
Published:2005-05-29
Updated:2008-09-05
Summary:Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-1803

Source: CCN
Type: SECTRACK ID: 1014073
NPDS Input Validation Holes in `glossaire` Module and Links Search Script Permit SQL Injection

Source: SECTRACK
Type: Exploit, Patch, Vendor Advisory
1014073

Source: CONFIRM
Type: Vendor Advisory
http://www.npds.org/download.php?op=geninfo&did=115

Source: CCN
Type: NPDS Web site
Index - NPDS

Source: OSVDB
Type: UNKNOWN
16464

Source: OSVDB
Type: UNKNOWN
16922

Source: CCN
Type: OSVDB ID: 16464
NPDS faq.php categories Parameter XSS

Source: CCN
Type: OSVDB ID: 16919
NPDS admin.php language Parameter XSS

Source: CCN
Type: OSVDB ID: 16920
NPDS powerpack_f.php language Parameter XSS

Source: CCN
Type: OSVDB ID: 16921
NPDS sdv_infos.php sitename Parameter XSS

Source: CCN
Type: OSVDB ID: 16922
NPDS Modules.php Lettre Parameter XSS

Source: CCN
Type: OSVDB ID: 16923
NPDS reviews.php title Parameter XSS

Source: CCN
Type: OSVDB ID: 16924
NPDS reply.php image_subject Parameter XSS

Source: CCN
Type: BID-13803
NPDS Multiple Input Validation Vulnerabilities

Source: XF
Type: UNKNOWN
npds-multiple-script-injection(20834)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:net_portal_dynamic_system:net_portal_dynamic_system:5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:npds:npds:4.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    net_portal_dynamic_system net portal dynamic system 5.0
    npds npds 4.8