CVE-2005-0670
Published 2005-05-02
Priority: P4 19
Severity: medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.43% (90.2th percentile)
Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coinsoft_technologies | phpcoin | — | — |
| coinsoft_technologies | phpcoin | — | — |
| coinsoft_technologies | phpcoin | — | — |
No detection rules found.
Exploit-DB
PHPCOIN 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-03-01
---
source: https://www.securityfocus.com/bid/12686/info
Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality.
An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).
http://www.example.com/phpcoin/login.php?w=user&o=login&e=u%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
Exploit-DB
PHPCOIN 1.2 - 'mod.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-03-01
---
source: https://www.securityfocus.com/bid/12686/info
Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality.
An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).
http://www.example.com/phpcoin/mod.php?mod=helpdesk&mode=new%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://www.example.com/phpcoin/mod.php?mod=mail&mode=reset&w=user%22%3E%3Cscript%3Ed
No writeups or analysis indexed.
References
http://forums.phpcoin.com/index.php?showtopic=4101
http://forums.phpcoin.com/index.php?showtopic=4116
http://forums.phpcoin.com/index.php?showtopic=4118
http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html
http://secunia.com/advisories/14439
http://securitytracker.com/id?1013329
http://www.securityfocus.com/bid/12686
https://exchange.xforce.ibmcloud.com/vulnerabilities/19572
Published: 2005-05-02