CVE-2005-0670 - OpenCVE

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Coinsoft Technologies	Phpcoin

Configuration 1 [-]

OR	cpe:2.3:a:coinsoft_technologies:phpcoin:1.2:::::::*
	cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1:::::::*
	cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1b:::::::*

References

Link	Resource
http://forums.phpcoin.com/index.php?showtopic=4101
http://forums.phpcoin.com/index.php?showtopic=4116	Patch
http://forums.phpcoin.com/index.php?showtopic=4118
http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html
http://secunia.com/advisories/14439	Exploit Patch
http://securitytracker.com/id?1013329	Exploit
http://www.securityfocus.com/bid/12686	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/19572

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-07T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-03-07T00:00:00

Link: CVE-2005-0670

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-07-11T01:32:22.233

Link: CVE-2005-0670

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "14439", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14439"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.phpcoin.com/index.php?showtopic=4118"}, {"tags": ["x_refsource_MISC"], "url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.phpcoin.com/index.php?showtopic=4101"}, {"name": "1013329", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013329"}, {"name": "12686", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12686"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.phpcoin.com/index.php?showtopic=4116"}, {"name": "phpcoin-xss(19572)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0670", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "14439", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14439"}, {"name": "http://forums.phpcoin.com/index.php?showtopic=4118", "refsource": "CONFIRM", "url": "http://forums.phpcoin.com/index.php?showtopic=4118"}, {"name": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html", "refsource": "MISC", "url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html"}, {"name": "http://forums.phpcoin.com/index.php?showtopic=4101", "refsource": "CONFIRM", "url": "http://forums.phpcoin.com/index.php?showtopic=4101"}, {"name": "1013329", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013329"}, {"name": "12686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12686"}, {"name": "http://forums.phpcoin.com/index.php?showtopic=4116", "refsource": "CONFIRM", "url": "http://forums.phpcoin.com/index.php?showtopic=4116"}, {"name": "phpcoin-xss(19572)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0670", "datePublished": "2005-03-07T05:00:00", "dateReserved": "2005-03-07T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coinsoft_technologies:phpcoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "14FDCCE7-B76F-42EA-BD82-11D35AAED66E", "vulnerable": true}, {"criteria": "cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C84AC0DD-109D-4E44-9673-668238545F05", "vulnerable": true}, {"criteria": "cpe:2.3:a:coinsoft_technologies:phpcoin:1.2.1b:*:*:*:*:*:*:*", "matchCriteriaId": "8FECE4E8-3258-48E7-8F3A-F564512442CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts."}], "id": "CVE-2005-0670", "lastModified": "2017-07-11T01:32:22.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://forums.phpcoin.com/index.php?showtopic=4101"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://forums.phpcoin.com/index.php?showtopic=4116"}, {"source": "cve@mitre.org", "url": "http://forums.phpcoin.com/index.php?showtopic=4118"}, {"source": "cve@mitre.org", "url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://secunia.com/advisories/14439"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1013329"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/12686"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}