PT-2005-4892 · Logisphere · Logisphere

Published

2005-12-13

Updated

2008-09-05

CVE-2005-4204

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions LogiSphere version 0.9.9j

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary Javascript via the msg command. The extent to which this issue may be related to or distinct from a denial-of-service (DoS) issue associated with the msg command is unclear due to a lack of detailed information from the original researcher.

Recommendations For LogiSphere version 0.9.9j, as a temporary workaround, consider restricting the use of the msg command until a patch or more detailed guidance is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4204

Affected Products

Logisphere

PT-2005-4892 · Logisphere · Logisphere

CVE-2005-4204

Related Identifiers

Affected Products

References · 2