CVE-2005-1803

Name of the Vulnerable Software and Affected Versions Net Portal Dynamic System (NPDS) version 5.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters to different PHP files, including the language parameter to "admin.php" and "powerpack f.php", the sitename parameter to "sdv infos.php", the categories parameter to "faq.php", the lettre parameter to the "glossaire" module, the title parameter to "reviews.php", or the image subject parameter to "reply.php".

Recommendations For Net Portal Dynamic System (NPDS) version 5.0, consider disabling or restricting access to the vulnerable parameters, such as language, sitename, categories, lettre, title, and image subject, until a patch is available. Restrict access to the affected PHP files, including "admin.php", "powerpack f.php", "sdv infos.php", "faq.php", the "glossaire" module, "reviews.php", and "reply.php", to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.