CVE-2005-2674

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Published: Aug 23, 2005
Updated: Nov 8, 2023
CVE: CVE-2005-2674
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
neocrome / land_down_under	800	800.x

http://marc.info/?l=bugtraq&m=112456235729717&w=2
http://securitytracker.com/id?1014747
http://www.neocrome.net
http://www.securityfocus.com/bid/14619

Vulnerability Database

290,206

CVE-2005-2674