CVE-2005-4167

Efiction - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by [email protected] · textwebappsphp

https://www.exploit-db.com/exploits/26591

View Code ZIP pw:eip

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15568

Exploit, Vendor Advisory x_refsource_misc

http://rgod.altervista.org/efiction2_xpl.html

Exploit, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17777

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html

Scores

EPSS 0.0123

EPSS Percentile 79.4%

Details

Status published

Products (2)

efiction_project/efiction 1.0

efiction_project/efiction 1.1

Published Dec 11, 2005

Tracked Since Feb 18, 2026