CVE-2005-1075
Published 2005-05-02
Priority: P4 18 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.01% (78.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| radscripts | radbids | — | — |
No detection rules found.
Exploit-DB
RadScripts RadBids Gold 2.0 - 'faq.php?farea' Cross-Site Scripting
exploitdb·2005-04-09
---
source: https://www.securityfocus.com/bid/13080/info
RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection.
The following specific vulnerabilities were identified:
A remote attacker can disclose arbitrary files. Information gathered through this issue may allow the attacker to carry out other attacks against an affected computer.
The application is affected by a SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Multiple cross-site scripting
Exploit-DB
RadScripts RadBids Gold 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2005-04-09
---
source: https://www.securityfocus.com/bid/13080/info
RadBids Gold is reported prone to multiple vulnerabilities. These issues include arbitrary file disclosure, cross-site scripting, and SQL injection.
The following specific vulnerabilities were identified:
A remote attacker can disclose arbitrary files. Information gathered through this issue may allow the attacker to carry out other attacks against an affected computer.
The application is affected by a SQL injection vulnerability. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Multiple
No writeups or analysis indexed.
http://secunia.com/advisories/14906
http://www.digitalparadox.org/advisories/rga.txt
http://www.osvdb.org/15430
http://www.osvdb.org/15431
http://www.securityfocus.com/archive/1/395527
http://www.securityfocus.com/bid/13080
https://exchange.xforce.ibmcloud.com/vulnerabilities/20038