CVE-2005-4485

ProjectApp <3.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.

Exploits (7)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26932

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26936

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26930

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26935

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26934

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsasp

https://www.exploit-db.com/exploits/26931

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappscgi

https://www.exploit-db.com/exploits/26933

View Code ZIP pw:eip

References (11)

[Third Party Advisory] http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html

[Vendor Advisory] http://secunia.com/advisories/18199

[Exploit] http://www.osvdb.org/21962

[Exploit] http://www.osvdb.org/21963

[Exploit] http://www.osvdb.org/21964

[Exploit] http://www.osvdb.org/21965

[Exploit] http://www.osvdb.org/21966

[Exploit] http://www.osvdb.org/21967

[Exploit] http://www.osvdb.org/21968

[Exploit] http://www.securityfocus.com/bid/16011

[Vendor Advisory] http://www.vupen.com/english/advisories/2005/3040

Scores

EPSS 0.0097

EPSS Percentile 76.4%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

iatek/projectapp < 3.3

Timeline

Published Dec 22, 2005

Tracked Since Feb 18, 2026