Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
References
Link | Resource |
---|---|
http://foros.ojobuscador.com/tema1936.html | Exploit |
http://lostmon.blogspot.com/2005/12/gmailsite-variable-cross-site.html | Exploit Vendor Advisory |
http://secunia.com/advisories/18155 | Vendor Advisory |
http://www.osvdb.org/22083 | |
http://www.securityfocus.com/bid/16081 | Exploit |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23912 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-12-31 05:00
Updated : 2024-02-04 16:52
NVD link : CVE-2005-4627
Mitre link : CVE-2005-4627
CVE.ORG link : CVE-2005-4627
JSON object : View
Products Affected
gmailsite
- gmailsite
gfhost
- gfhost
CWE