CVE-2005-3902

Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.

Published: Nov 30, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3902
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
virtual_hosting_control_system / virtual_hosting_control_system	2.2	2.2.x
virtual_hosting_control_system / virtual_hosting_control_system	2.4.6.2	2.4.6.2.x
virtual_hosting_control_system / virtual_hosting_control_system	2.4.6	2.4.6.x
virtual_hosting_control_system / virtual_hosting_control_system	2.4	2.4.x

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html
http://marc.info/?l=bugtraq&m=113269811630139&w=2
http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt
http://secunia.com/advisories/17704/
http://securityreason.com/securityalert/202
http://www.osvdb.org/21060
http://www.securityfocus.com/bid/15538
https://exchange.xforce.ibmcloud.com/vulnerabilities/23209

Vulnerability Database

290,018

CVE-2005-3902