Description
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Exploits (3)
References (7)
Core References
Third Party Advisory (x_refsource_misc): http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2005/2937
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21778
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21777
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/15915
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21779
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18084
Scores
EPSS: 0.0151
EPSS Percentile: 81.3%
Details
Status: published
Products (6)
jonathan_bravata/scarecrow 2.00_beta
jonathan_bravata/scarecrow 2.01_beta
jonathan_bravata/scarecrow 2.10
jonathan_bravata/scarecrow 2.11
jonathan_bravata/scarecrow 2.12
jonathan_bravata/scarecrow < 2.13
Published: Dec 17, 2005
Tracked Since: Feb 18, 2026