PT-2005-5172 · Scoop · Scoop

Published: 2005-12-22 · Updated: 2011-03-08 · CVE-2005-4489

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Scoop versions 1.1 RC1 and earlier

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the type and count parameters, and the query string in a story.

Recommendations

For Scoop versions 1.1 RC1 and earlier, avoid using the type and count parameters, and restrict access to the query string in a story until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these parameters to minimize the risk of exploitation.


Related Identifiers

CVE-2005-4489

Affected Products

Scoop