{"vuid":"VU#664422","idnumber":"664422","name":"PhpWebSite contains multiple cross-site scripting vulnerabilities","keywords":["phpWebSite","cross-site scripting","xss"],"overview":"PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code in a user's web browser.","clean_desc":"PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious content. This may allow scripting code to be inserted into a URL and then executed within the user's web browser. The following PhpWebSite modules contain this vulnerability:\nCalendar\nFatcat\nPagemaster\nSite Search\nComments\nIn addition, error pages generated by PhpWebSite are reported to be vulnerable.","impact":"An attacker may be able to execute arbitrary code in a guest or logged-in user's web browser with the privileges of that user.","resolution":"Apply a Patch\nPhpWebsite has released a patch to address this issue, available at: http://www.phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch.tar.gz.","workarounds":"","sysaffected":"","thanks":"This vulnerability was publicly reported by GulfTech Security.","author":"This document was written by Jeff Gennari.","public":["http://www.gulftech.org/?node=research&article_id=00048-08312004","http://www.securitytracker.com/alerts/2004/Aug/1011120.html","http://www.securityfocus.com/archive/1/332561","http://marc.theaimsgroup.com/?l=bugtraq&m=106062021711496&w=2","http://www.osvdb.org/displayvuln.php?osvdb_id=9445","http://www.osvdb.org/displayvuln.php?osvdb_id=3842","http://www.osvdb.org/displayvuln.php?osvdb_id=3846","http://www.osvdb.org/displayvuln.php?osvdb_id=3845","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0736","http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=822"],"cveids":["CVE-2003-0736"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-02T17:54:36Z","publicdate":"2004-08-31T00:00:00Z","datefirstpublished":"2004-10-19T19:09:50Z","dateupdated":"2004-10-19T19:09:57Z","revision":128,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"4","cam_impact":"9","cam_easeofexploitation":"3","cam_attackeraccessrequired":"14","cam_scorecurrent":"0.59535","cam_scorecurrentwidelyknown":"0.6237","cam_scorecurrentwidelyknownexploited":"1.1907","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.59535,"vulnote":null}