cbcvebase.
CVE-2005-0870
published 2005-05-02

CVE-2005-0870: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script…

PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.72%
88.4th percentile
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianphpsysinfo< phpsysinfo 2.3-7 (bookworm)phpsysinfo 2.3-7 (bookworm)
phpsysinfophpsysinfo
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7
phpsysinfophpsysinfo>= 0 < 2.3-72.3-7

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.