CVE-2005-3955

Blogbuddies - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by gb.network · textwebappsphp

https://www.exploit-db.com/exploits/26573

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by gb.network · textwebappsphp

https://www.exploit-db.com/exploits/26574

View Code ZIP pw:eip

References (15)

[Various Sources] http://retrogod.altervista.org/JAWS_062_sql.html

[Mailing List] http://seclists.org/fulldisclosure/2015/May/35

[Patch, Vendor Advisory] http://secunia.com/advisories/17741

[Vendor Advisory] http://secunia.com/advisories/20842

[Patch] http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847

[Various Sources] http://www.jaws-project.com/index.php?blog/show/29

[Exploit] http://www.securityfocus.com/bid/15555

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/2546

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27337

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438434/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18665

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21112

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21113

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21643

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015264

Scores

EPSS 0.0256

EPSS Percentile 85.3%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

blogbuddies/blogbuddies

jaws/jaws

magpierss/magpierss

Timeline

Published Dec 01, 2005

Tracked Since Feb 18, 2026