CVE-2005-2467

Mysql Eventum - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/26056

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/26057

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/26058

View Code ZIP pw:eip

References (10)

Core 10

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/1287

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16304

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14436

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/18401

Exploit, Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1014603

Patch x_refsource_confirm

http://lists.mysql.com/eventum-users/2072

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112292193807958&w=2

Exploit x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00093-07312005

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/18400

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/18402

Scores

EPSS 0.0205

EPSS Percentile 83.9%

Details

Status published

Products (8)

mysql/eventum 1.1

mysql/eventum 1.2

mysql/eventum 1.2.2

mysql/eventum 1.3

mysql/eventum 1.3.1

mysql/eventum 1.4

mysql/eventum 1.5.4

mysql/eventum 1.5.5

Published Dec 31, 2005

Tracked Since Feb 18, 2026