CVE-2005-4196 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) the ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) the ResourceOffset parameter in SPT--Home.php; (5) the F_SearchString parameter in SPT--QuickSearch.php; (6) the F_UserName and (7) F_Password parameters in SPT--UserLogin.php; and (8) the F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, and (19) Format parameters in SPT--AdvancedSearch.php.

Reference

http://secunia.com/advisories/17979
http://www.osvdb.org/21630
http://www.osvdb.org/21631
http://www.osvdb.org/21632
http://www.osvdb.org/21633
http://www.osvdb.org/21634
http://www.osvdb.org/21635
http://www.osvdb.org/21636
http://www.securityfocus.com/bid/15818
http://www.vupen.com/english/advisories/2005/2844
http://www.x-illusion.com/rs/Scout20Portal20Toolkit.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/23545
