CVE-2005-3496 (CNNVD-200511-121)
中文标题:
PHP Handicapper多个跨站脚本攻击漏洞
英文标题:
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitr...
漏洞描述
中文描述:
PHP Handicapper是一款运行多种体育信息和投注预测网上业务的系统。 PHP Handicapper中的跨站脚本攻击(XSS)漏洞可让远程攻击者通过msg.php的smg参数注入任意Web脚本或HTML。注意:某些消息来源确定process_signup.phpfy登录参数中有第二个矢量,但原始消息来源声称那是由于CRLF注入。
英文描述:
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| php_handicapper | php_handicapper | * | - | - |
cpe:2.3:a:php_handicapper:php_handicapper:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:M/Au:N/C:N/I:P/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2005-3496 |
2025-11-11 15:17:36 | 2025-11-11 07:32:28 |
| NVD | nvd_CVE-2005-3496 |
2025-11-11 14:51:20 | 2025-11-11 07:41:14 |
| CNNVD | cnnvd_CNNVD-200511-121 |
2025-11-11 15:08:48 | 2025-11-11 07:49:01 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 跨站脚本
- cnnvd_id: 未提取 -> CNNVD-200511-121
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 4.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:N/I:P/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']